GitHub Advisory DatabaseGHSA-P7V4-GM6J-CW9MXSS in Mautic
0.002 Low
EPSS
Percentile
64.3%
Impact
This is a cross-site scripting vulnerability relating to creating/editing a company which requires the user to be logged in as an administrator to be executed.
This vulnerability was reported by Dardan Prebreza at Bishop Fox.
Patches
Upgrade to 3.2.4 or 2.16.5.
Link to patch for 2.x versions: https://github.com/mautic/mautic/compare/2.16.4...2.16.5.diff
Link to patch for 3.x versions: https://github.com/mautic/mautic/compare/3.2.2...3.2.4.diff
Workarounds
None
References
https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
For more information
If you have any questions or comments about this advisory:
- Post in https://forum.mautic.org/c/support
- Email us at [email protected]
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| mautic/core | lt | 2.16.5 | |
| mautic/core | lt | 3.2.4 |
References
github.com/advisories/GHSA-p7v4-gm6j-cw9m
github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-3142.yaml
github.com/mautic/mautic/commit/ba31db23e664f889da55a29ff27f797e2ab5cb1b
github.com/mautic/mautic/releases/tag/3.2.4
github.com/mautic/mautic/security/advisories/GHSA-p7v4-gm6j-cw9m
nvd.nist.gov/vuln/detail/CVE-2021-3142
www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-3
www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
Related
