Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.

This could lead to the user having elevated access to the system.
Fixes

Solution

Update to 4.4.12 or later.


Workaround

No workaround given by the vendor.

History

Mon, 14 Jul 2025 13:45:00 +0000

Type     | Values Removed      | Values Added
---------|---------------------|--------------------
Metrics  | epss                | epss
         | {'score': 0.00093}  | {'score': 0.00104}


Sun, 29 Sep 2024 00:45:00 +0000

Type                | Values Removed | Values Added
--------------------|----------------|----------------------------------------------
First Time appeared |                | Acquia; Acquia mautic
Weaknesses          |                | CWE-79
CPEs                |                | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*
                    |                | cpe:2.3:a:acquia:mautic:1.0.0:-:*:*:*:*:*:*
                    |                | cpe:2.3:a:acquia:mautic:1.0.0:beta2:*:*:*:*:*:*
                    |                | cpe:2.3:a:acquia:mautic:1.0.0:beta3:*:*:*:*:*:*
                    |                | cpe:2.3:a:acquia:mautic:1.0.0:beta4:*:*:*:*:*:*
                    |                | cpe:2.3:a:acquia:mautic:1.0.0:rc1:*:*:*:*:*:*
                    |                | cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*
                    |                | cpe:2.3:a:acquia:mautic:1.0.0:rc3:*:*:*:*:*:*
                    |                | cpe:2.3:a:acquia:mautic:1.0.0:rc4:*:*:*:*:*:*
Vendors & Products  |                | Acquia; Acquia mautic

Tue, 17 Sep 2024 16:30:00 +0000

Type                | Values Removed | Values Added
--------------------|----------------|----------------------------------------------
First Time appeared |                | Mautic; Mautic mautic
CPEs                |                | cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*
Vendors & Products  |                | Mautic; Mautic mautic
Metrics             |                | ssvc
                    |                | {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 17 Sep 2024 14:15:00 +0000

Type        | Values Removed | Values Added
------------|----------------|----------------------------------------------
Description |                | Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.
Title       |                | XSS Cross-site Scripting Stored (XSS) - Description field
Weaknesses  |                | CWE-80
References  |                |
Metrics     |                | cvssV3_1
            |                | {'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L'}


MITRE

Status: PUBLISHED

Assigner: Mautic

Published:

Updated: 2024-09-17T16:01:29.250Z

Reserved: 2021-03-02T15:53:50.859Z

Link: CVE-2021-27915

Vulnrichment

Updated: 2024-09-17T16:00:44.787Z

NVD

Status: Analyzed

Published: 2024-09-17T14:15:14.100

Modified: 2024-09-29T00:22:31.787

Link: CVE-2021-27915

Redhat

No data.

OpenCVE Enrichment

No data.