Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-RH5W-82WH-JHR8
HistorySep 01, 2021 - 6:40 p.m.

XSS vulnerability on asset view

2021-09-0118:40:31
Google
osv.dev
13
xss
mautic
inline js
asset view
remote asset
authenticated user
permission
upgrade

EPSS

0.001

Percentile

22.7%

JSON

Impact

Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.

Patches

Upgrade to 3.3.4 or 4.0.0

Workarounds

No

References

https://github.com/mautic/mautic/releases/tag/3.3.4
https://github.com/mautic/mautic/releases/tag/4.0.0

For more information

If you have any questions or comments about this advisory:

Related

cve 1
friendsofphp 1
github 1
osv 1
cvelist 1
prion 1
cnvd 1
nvd 1
cve
cve
CVE-2021-27912
2021-08-30 16:15:07
friendsofphp
friendsofphp
XSS vulnerability on asset view
1970-01-01 00:00:00
github
github
XSS vulnerability on asset view
2021-09-01 18:40:31
osv
osv
CVE-2021-27912
2021-08-30 16:15:07
cvelist
cvelist
CVE-2021-27912 XSS vulnerability on asset view
2021-08-30 15:55:17
prion
prion
Cross site scripting
2021-08-30 16:15:00
cnvd
cnvd
Mautic Cross-Site Scripting Vulnerability (CNVD-2021-70087)
2021-09-01 00:00:00
nvd
nvd
CVE-2021-27912
2021-08-30 16:15:07

EPSS

0.001

Percentile

22.7%

JSON
Related for OSV:GHSA-RH5W-82WH-JHR8
cve1friendsofphp1github1osv1cvelist1prion1cnvd1nvd1