Lucene search
GoogleOSV:GHSA-QJHR-C23F-W76QHistoryJan 19, 2021 - 9:16 p.m.
Inline JS XSS vulnerability in Mautic
2021-01-1921:16:24
Google
osv.dev
8
0.001 Low
EPSS
Percentile
34.2%
Impact
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
Patches
Upgrade to 2.12.0 or later.
Workarounds
None
References
https://github.com/mautic/mautic/releases/tag/2.12.0
For more information
If you have any questions or comments about this advisory:
- Email us at [email protected]
| CPE | Name | Operator | Version |
|---|---|---|---|
| mautic/core | eq | 2.5.1 | |
| mautic/core | eq | 2.11.0 | |
| mautic/core | eq | 2.3.0 | |
| mautic/core | eq | 2.8.0 | |
| mautic/core | eq | 2.9.2 | |
| mautic/core | eq | 2.12.0-beta | |
| mautic/core | eq | 2.4.0 | |
| mautic/core | eq | 2.10.1 | |
| mautic/core | eq | 2.7.1 | |
| mautic/core | eq | 2.5.0 |
Related
cvelist
cvelist
CVE-2017-1000488
2022-10-03 16:23:09
cve
cve
CVE-2017-1000488
2022-10-03 16:23:09
veracode
veracode
Cross-Site Scripting (XSS)
2021-01-20 17:09:21
nvd
nvd
CVE-2017-1000488
2018-01-03 16:29:00
prion
prion
Cross site scripting
2018-01-03 16:29:00
osv
osv
CVE-2017-1000488
2018-01-03 16:29:00
github
github
Inline JS XSS vulnerability in Mautic
2021-01-19 21:16:24