Cross site scripting

2021-08-3016:15:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.0%

JSON

Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.

CPENameOperatorVersion
mauticeq4.0.0 alpha1
mauticeq4.0.0 beta
mauticlt3.3.4
mauticeq4.0.0 rc

Name	Operator	Version
mautic	eq	4.0.0 alpha1
mautic	eq	4.0.0 beta
mautic	lt	3.3.4
mautic	eq	4.0.0 rc

References

github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8