Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2021-21019

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to XML injection in the Widgets module. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the admin console is required for successful exploitation.

  • Published: Feb 11, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-21019
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.1
  • AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
magento / magento - 2.3.6
magento / magento 2.4.1 2.4.1.x
magento / magento 2.4.0 2.4.0.x
magento / magento 2.4.0-p1 2.4.0-p1.x
magento / magento 2.3.6 2.3.6.x