15 matches found
EUVD-2021-0512
Malware in sbrugna...
GHSA-72HM-FX78-XWHC XSS vulnerability on contacts view
Impact: Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populat...
XSS vulnerability on contacts view
Impact: Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populat...
XSS vulnerability on asset view
Impact: Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. Patch...
GHSA-RH5W-82WH-JHR8 XSS vulnerability on asset view
Impact: Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. Patch...
Mautic Cross-Site Scripting Vulnerability (CNVD-2021-70087)
Mautic is an open source marketing automation software that monitors and manages websites, sends emails and manages customer resources. Mautic is vulnerable to a cross-site scripting vulnerability that stems from Mautic being vulnerable to an inline JS XSS attack when viewing Mautic assets by usi...
CVE-2021-27911
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from...
CVE-2021-27912
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets...
CVE-2021-27912
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets...
Cross site scripting
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets...
CVE-2021-27912 XSS vulnerability on asset view
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets...
CVE-2021-27912
The CVE-2021-27912 entry describes an inline JavaScript XSS vulnerability in Mautic assets that affects versions before 3.3.4/4.0.0. An authenticated user with permission to create or edit assets can leverage inline JS in asset titles and a broken image URL to perform the attack. The most consist...
CVE-2021-27911 XSS vulnerability on contacts view
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from...
Inline JS XSS vulnerability in Mautic
Impact: Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form. Patches: Upgrade to 2.12.0 or later. Workarounds: None. References: https://github.com/mautic/mautic/releases/tag/2.12.0 For mo...
CVE-2017-1000488
The CVE-2017-1000488 entry concerns Mautic 2.1.0–2.11.0, which is vulnerable to inline JavaScript XSS in Mautic forms on a landing page when GET parameters pre-populate the form. Root cause cited across sources is lack of sanitization on GET parameters used for pre-population. Consequences includ...