HTTP: Adobe Magento DownloadCss.php Cross-Site Scripting

This signature detects attempts to exploit a known cross-site scripting vulnerability against Adobe Magento. The vulnerability is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Extended Description

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a reflected cross-site scripting vulnerability via the 'file' parameter. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation.

Affected Products

Magento magento

References

CVE: CVE-2021-21029

Short Name: HTTP:XSS:ADOBE-MAGENTO-XSS
Severity: Minor
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: Adobe CVE-2021-21029 Cross-Site DownloadCss.php Magento Scripting
Release Date: 04/15/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3616
False Positive: Unknown
Vendors

Magento

CVSS Score

3.5
