CVE-2021-21023

Name of the Vulnerable Software and Affected Versions Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier

Description The issue is related to a stored cross-site scripting vulnerability in the admin console of Magento. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation. The vulnerability is associated with a lack of protection of the web page structure, allowing a remote attacker to execute arbitrary JavaScript code in the user's browser using administrator access to the console.

Recommendations For Magento versions 2.4.1 and earlier, update to a version that includes a fix for this vulnerability. For Magento versions 2.4.0-p1 and earlier, update to a version that includes a fix for this vulnerability. For Magento versions 2.3.6 and earlier, update to a version that includes a fix for this vulnerability. As a temporary workaround, consider restricting access to the admin console to minimize the risk of exploitation.