Description
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2021-0482 | A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads. |
Github GHSA |
GHSA-39wj-j3jc-858m | XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic |
References
History
No history.
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T16:55:10.640Z
Reserved: 2020-12-11T00:00:00.000Z
Link: CVE-2020-35124
No data.
Status : Modified
Published: 2021-01-28T06:15:13.373
Modified: 2026-06-17T03:13:24.767
Link: CVE-2020-35124
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EUVD
Github GHSA