CVE-2021-36027

Name of the Vulnerable Software and Affected Versions Magento Commerce versions 2.4.2 and earlier Magento Commerce versions 2.4.2-p1 and earlier Magento Commerce versions 2.3.7 and earlier

Description The issue is related to the lack of protection of the web page structure in Magento Commerce, allowing a remote attacker to execute arbitrary code. This stored cross-site scripting issue could be exploited by injecting malicious scripts into vulnerable form fields, leading to the execution of malicious JavaScript in a victim's browser when they access the page containing the vulnerable field.

Recommendations For Magento Commerce versions 2.4.2 and earlier, update to a version that includes the necessary security patches to mitigate the stored cross-site scripting vulnerability. For Magento Commerce versions 2.4.2-p1 and earlier, apply the recommended security fixes to prevent malicious script injection. For Magento Commerce versions 2.3.7 and earlier, consider upgrading to a newer version or applying available patches to address the vulnerability.