3 matches found
CVE-2020-35128
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target use...
CVE-2021-3142
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2020-35128
Mautic before 3.2.4 is vulnerable to stored XSS via the companies-management feature; an attacker with permission to manage companies can inject JavaScript to affect other users, including administrators, potentially changing passwords, user/email details, or adding a new administrator. Root caus...