XSS vulnerability on asset view
CVE-2021-27912

7.1HIGH

Key Information:

Vendor: Mautic
Status: Mautic
Vendor: CVE Published:; 30 August 2021

Summary

Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.

Affected Version(s)

Mautic < 3.3.4

Mautic < 4.0.0

References

https://github.com/mautic/mautic/security/advisories/GHSA...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 30, 2021
Vulnerability Reserved
Mar 2, 2021

Credit

Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19