CVE-2021-27915

Sept. 17, 2024, 2:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Mautic

  • before the patched version

Source

security@mautic.org

CVE-2021-27915 details

Published : Sept. 17, 2024, 2:15 p.m.
Last Modified : Sept. 17, 2024, 2:15 p.m.

Description

Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.

CVSS Score

7.6

Weakness

Weakness: CWE-80
Name: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description: The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

CVSS Data

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW
Base Score: 7.6
Exploitability Score: 2.1
Impact Score: 5.5
Base Severity: HIGH
