CVE-2021-36027

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-36027

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36027.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-36027

Aliases

GHSA-x2v2-2jhp-c5hv

Published

2021-09-01T15:15:09.393Z

Modified

2026-04-10T04:35:20.764350Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

References

https://helpx.adobe.com/security/products/magento/apsb21-64.html

Affected packages

Git / github.com/magento/magento2

Affected ranges

Type

GIT

Repo

https://github.com/magento/magento2

Events

Introduced

f4c1d7526f05bdfb1327b0701cc345f94aadcaed

Last affected

44a7b6079bcac5ba92040b16f4f74024b4f34d09

Introduced

6729b6e01368248abc33300208eb292c95050203

Last affected

33242e4b19cf207d7b73f7791ef894b48bb41f8a

Introduced

Last affected

1bd5cb8c065e44779526c0b044ce19b884707695

Introduced

f4c1d7526f05bdfb1327b0701cc345f94aadcaed

Last affected

44a7b6079bcac5ba92040b16f4f74024b4f34d09

Introduced

6729b6e01368248abc33300208eb292c95050203

Last affected

33242e4b19cf207d7b73f7791ef894b48bb41f8a

Introduced

Last affected

1bd5cb8c065e44779526c0b044ce19b884707695

Database specific

{
    "versions": [
        {
            "introduced": "2.3.0"
        },
        {
            "last_affected": "2.3.7"
        },
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.2-p1"
        },
        {
            "introduced": "2.3.0"
        },
        {
            "last_affected": "2.3.7"
        },
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.2-p1"
        }
    ]
}

Affected versions

0.*

0.1.0-alpha100

0.1.0-alpha101

0.1.0-alpha102

0.1.0-alpha103

0.1.0-alpha104

0.1.0-alpha105

0.1.0-alpha106

0.1.0-alpha107

0.1.0-alpha108

0.1.0-alpha89

0.1.0-alpha90

0.1.0-alpha91

0.1.0-alpha92

0.1.0-alpha93

0.1.0-alpha94

0.1.0-alpha95

0.1.0-alpha96

0.1.0-alpha97

0.1.0-alpha98

0.1.0-alpha99

0.42.0-beta1

0.42.0-beta3

0.74.0-beta1

2.*

2.0.0

2.0.0-rc

2.1.0

2.1.0-rc1

2.1.0-rc2

2.1.0-rc3

2.2.0-RC1.1

2.2.0-RC1.2

2.2.0-RC1.3

2.3.7

2.4.2

2.4.2-p1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36027.json"