{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-05T05:50:12.963","vulnerabilities":[{"cve":{"id":"CVE-2021-36020","sourceIdentifier":"psirt@adobe.com","published":"2021-09-01T15:15:09.090","lastModified":"2024-11-21T06:12:57.967","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker can trigger a specially crafted script to achieve remote code execution."},{"lang":"es","value":"Magento Commerce versiones 2.4.2 (y anteriores), versiones 2.4.2-p1 (y anteriores), y versiones 2.3.7 (y anteriores), están afectadas por una vulnerabilidad de inyección XML en el campo \"City\". Un atacante no autenticado puede desencadenar un script especialmente diseñado para lograr una ejecución de código remota"}],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@adobe.com","type":"Secondary","description":[{"lang":"en","value":"CWE-91"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-91"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndIncluding":"2.3.7","matchCriteriaId":"72F005E6-8523-49FF-91F7-644BC737DDEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:adobe_commerce:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndIncluding":"2.4.2","matchCriteriaId":"260156B9-9CEF-4732-AD94-7D3CCD784F1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:adobe_commerce:2.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"C711D725-10E3-4A9C-AAD8-9B1766CB42F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndIncluding":"2.3.7","matchCriteriaId":"052A5E47-66AF-4F60-8949-E2B6CE98AEE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento_open_source:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndIncluding":"2.4.2","matchCriteriaId":"ADE9F2A6-575A-48DA-ACE4-B22ABB275B6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:magento_open_source:2.4.2:p1:*:*:*:*:*:*","matchCriteriaId":"8F768F94-34F1-4FB8-8D96-3BBC9D6B8C89"}]}]}],"references":[{"url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://helpx.adobe.com/security/products/magento/apsb21-64.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}