CVE-2021-27911 XSS vulnerability on contacts view

2021-08-3015:55:12

CWE-79

Mautic

www.cve.org

xss vulnerability

mautic

contact details

inline js

cve-2021-27911

3rd party syncing

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact’s first or last name and triggered when viewing a contact’s details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc.

CNA Affected

[
  {
    "product": "Mautic",
    "vendor": "Mautic",
    "versions": [
      {
        "lessThan": "3.3.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "4.0.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]