Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-72HM-FX78-XWHC
HistorySep 01, 2021 - 6:40 p.m.

XSS vulnerability on contacts view

2021-09-0118:40:40
Google
osv.dev
8
mautic
xss
vulnerability
contact details
inline js
upgrade

EPSS

0.001

Percentile

33.8%

JSON

Impact

Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact’s first or last name and triggered when viewing a contact’s details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc.

Patches

Upgrade to 3.3.4 or 4.0.0

Workarounds

No

References

https://github.com/mautic/mautic/releases/tag/3.3.4
https://github.com/mautic/mautic/releases/tag/4.0.0

For more information

If you have any questions or comments about this advisory:

Related

osv 1
github 1
cnvd 1
prion 1
nvd 1
cve 1
friendsofphp 1
cvelist 1
osv
osv
CVE-2021-27911
2021-08-30 16:15:00
github
github
XSS vulnerability on contacts view
2021-09-01 18:40:40
cnvd
cnvd
Mautic Code Injection Vulnerability
2021-09-01 00:00:00
prion
prion
Design/Logic Flaw
2021-08-30 16:15:00
nvd
nvd
CVE-2021-27911
2021-08-30 16:15:07
cve
cve
CVE-2021-27911
2021-08-30 16:15:07
friendsofphp
friendsofphp
XSS vulnerability on contacts view
1970-01-01 00:00:00
cvelist
cvelist
CVE-2021-27911 XSS vulnerability on contacts view
2021-08-30 15:55:12

EPSS

0.001

Percentile

33.8%

JSON
Related for OSV:GHSA-72HM-FX78-XWHC
osv1github1cnvd1prion1nvd1cve1friendsofphp1cvelist1