Magento Commerce versions 2.4.2 (and previous versions), 2.4.2-p1 (and previous versions) and 2.3.7 (and previous versions) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an malicious user to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe adobe commerce |
||
adobe adobe commerce 2.4.2 |
||
adobe magento open source |
||
adobe magento open source 2.4.2 |