[MEDIUM] Magento stored cross-site scripting vulnerability in the customer address upload feature

PKSA-mpyd-zybm-5215 CVE-2021-36026 GHSA-8gfq-m4cf-w975

Affected package: magento/community-edition

Affected version: =2.4.2|>=2.4.2-p1,<2.4.2-p2|=2.3.7|<2.3.7-p1

Reported by:
GitHub