Cross-Site Scripting Vulnerability in Mautic Installer Component
CVE-2021-27914
7.6 HIGH
Summary
The installer component of Mautic prior to version 4.3.0 is susceptible to a cross-site scripting vulnerability. This weakness enables administrators to inject malicious JavaScript code, which may lead to unauthorized actions or information theft. Appropriate measures should be implemented to secure the application against potential exploitation, ensuring the integrity and confidentiality of user data.
Affected Version(s)
Mautic < 4.3.0
CVSS V3.1
Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Reported by Mattias Michaux, Dropsolid
Fixed by Mattias Michaux, Dropsolid