Security Advisory

CVE-2021-28556

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-06-28 13:42:13

Last updated 2024-09-17 02:11:10

Assigner adobe

State PUBLISHED

Description

Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is required for successful exploitation.

← Browse all CVEs View on cve.org ↗