[MEDIUM] Magento stored cross-site scripting vulnerability in the customer address upload feature

PKSA-k1yz-gr5t-hhxm CVE-2021-36026 GHSA-8gfq-m4cf-w975

Affected package: magento/project-community-edition

Affected version: <=2.0.2

Reported by:
GitHub