Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.
This could lead to the user having elevated access to the system.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mautic
Mautic mautic |
|
CPEs | cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:* | |
Vendors & Products |
Mautic
Mautic mautic |
|
Metrics |
ssvc
|
Tue, 17 Sep 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system. | |
Title | XSS Cross-site Scripting Stored (XSS) - Description field | |
Weaknesses | CWE-80 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Mautic
Published: 2024-09-17T14:02:09.969Z
Updated: 2024-09-17T16:01:29.250Z
Reserved: 2021-03-02T15:53:50.859Z
Link: CVE-2021-27915
Vulnrichment
Updated: 2024-09-17T16:00:44.787Z
NVD
Status : Received
Published: 2024-09-17T14:15:14.100
Modified: 2024-09-17T14:15:14.100
Link: CVE-2021-27915
Redhat
No data.