Vulnerability Name: | CVE-2020-35128 (CCN-195089) | ||||||||||||
Assigned: | 2020-12-11 | ||||||||||||
Published: | 2021-01-15 | ||||||||||||
Updated: | 2021-02-24 | ||||||||||||
Summary: | Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system. | ||||||||||||
CVSS v3 Severity: | 9.0 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H) 8.6 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C)
9.2 Critical (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:H/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-79 | ||||||||||||
Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-35128 Source: XF Type: UNKNOWN mautic-cve202035128-xss(195089) Source: CCN Type: Mautic Web site Mautic Community Forums Source: MISC Type: Vendor Advisory https://forum.mautic.org/c/announcements/16 Source: CONFIRM Type: Exploit, Vendor Advisory https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786 Source: CCN Type: Bishop Fox Web site Mautic Version <=3.2.2 Source: MISC Type: Third Party Advisory https://labs.bishopfox.com/advisories/mautic-version-3.2.2 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |