Mautic Application Vulnerable to XSS Exploits
CVE-2021-27915

9CRITICAL

Key Information:

Vendor: Mautic
Status: Mautic
Vendor: CVE Published:; 17 September 2024

Summary

The Mautic application contains an XSS vulnerability within the description fields that can be exploited by logged-in users who possess the appropriate permissions. This vulnerability could allow attackers to execute scripts in the context of the application, leading to potential unauthorized access or manipulation of data. Addressing this issue requires updating to the patched version to mitigate the risks presented by this vulnerability.

Affected Version(s)

Mautic >= 1.0.0-beta2

References

https://github.com/mautic/mautic/security/advisories/GHSA...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 17, 2024
Vulnerability Reserved
Mar 2, 2021

Credit

Lenon Leite