Vulnerabilities > Adobe > Adobe Commerce > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-01 | CVE-2021-36012 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. | 4.0 |
| 2021-09-01 | CVE-2021-36024 | Command Injection vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. | 6.5 |
| 2021-09-01 | CVE-2021-36025 | Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a specially crafted file. | 6.5 |
| 2021-09-01 | CVE-2021-36026 | Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 4.3 |
| 2021-09-01 | CVE-2021-36027 | Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 4.3 |
| 2021-09-01 | CVE-2021-36028 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. | 6.5 |
| 2021-09-01 | CVE-2021-36030 | Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. | 5.0 |
| 2021-09-01 | CVE-2021-36031 | Path Traversal vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme[preview_image]` parameter. | 6.5 |
| 2021-09-01 | CVE-2021-36033 | XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. | 6.5 |
| 2021-09-01 | CVE-2021-36035 | Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. | 6.5 |