
CVE-2020-35129 mautic/core

Package

Manager: composer
Name: mautic/core
Vulnerable Version: >=0 <3.2.4

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00617 (percentile 0.68996)

Details

Mautic stored Cross-site Scripting (XSS)

Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could inject a reference to an attacker-controlled, externally hosted JavaScript file; when another user views the stored content, that script runs in the victim's session and can eventually perform actions on the victim's behalf, including changing the victim's password or email address, or elevating the attacker's own account from a low-privileged user role to an administrator role. The CVSS vectors above reflect this: the attacker needs a low-privileged account (PR:L), the victim must view the injected content (UI:R), and the resulting account takeover gives full control of the application (C:H/I:H/A:H). The fix is to upgrade mautic/core to 3.2.4 or later.
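An added example, not part of this advisory or of Mautic's own code: a Python check that reads a composer.lock and reports whether the pinned mautic/core version falls inside the advisory's vulnerable range, >=0 <3.2.4. The sample lock file, the function names and the pre-release handling are constructed for illustration; only the package name and the fixed version come from the advisory.

```python
"""Check a composer.lock for the vulnerable mautic/core range from CVE-2020-35129.

Vulnerable range per the advisory: >=0 <3.2.4, so anything below 3.2.4
(including pre-releases of 3.2.4 itself) is flagged.
"""
import json
import re
from typing import Optional, Tuple

PACKAGE = "mautic/core"
# (major, minor, patch, is_release); is_release=1 orders 3.2.4 after 3.2.4-beta1
FIXED_VERSION: Tuple[int, int, int, int] = (3, 2, 4, 1)

# Composer versions look like "3.2.3", "v3.2.4", "3.2.4.0", "3.2.4-beta1", "3.2.4-RC.1".
# Branch aliases such as "dev-master" or "3.2.x-dev" cannot be ordered and are not matched.
_VERSION_RE = re.compile(
    r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.\d+)?(?:-([A-Za-z]+)[\w.]*)?(?:\+.*)?$"
)
_PRERELEASE_TAGS = {"alpha", "beta", "rc", "dev", "a", "b"}


def parse_version(version: str) -> Optional[Tuple[int, int, int, int]]:
    """Turn a Composer version string into a comparable tuple, or None if it
    is a branch alias that cannot be compared against a tagged release."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    is_prerelease = suffix is not None and suffix.lower() in _PRERELEASE_TAGS
    return (int(major), int(minor or 0), int(patch or 0), 0 if is_prerelease else 1)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version is below 3.2.4, False if fixed, None if unknown (dev branch)."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed < FIXED_VERSION


def check_lock(lock_json: str) -> dict:
    """Scan both 'packages' and 'packages-dev' of a composer.lock for mautic/core."""
    lock = json.loads(lock_json)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == PACKAGE:
                version = pkg.get("version", "")
                return {"found": True, "version": version, "vulnerable": is_vulnerable(version)}
    return {"found": False, "version": None, "vulnerable": None}


# Constructed sample lock file (not taken from any real deployment).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "mautic/core", "version": "3.2.3"},
        {"name": "symfony/http-foundation", "version": "v3.4.47"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    report = check_lock(SAMPLE_LOCK)
    if not report["found"]:
        print(f"{PACKAGE} not present in composer.lock")
    elif report["vulnerable"] is None:
        print(f"{PACKAGE} {report['version']}: branch alias, verify manually")
    elif report["vulnerable"]:
        print(f"{PACKAGE} {report['version']}: VULNERABLE (CVE-2020-35129), upgrade to >=3.2.4")
    else:
        print(f"{PACKAGE} {report['version']}: not affected")
```

This only covers Composer-managed installs where mautic/core appears in composer.lock; an instance deployed from a release archive needs its version checked by another route. Versions the lock pins to a development branch are reported as unknown rather than silently passed, since a branch checkout may or may not include the fix.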

Metadata

Created: 2022-05-24T22:28:09Z
Modified: 2024-04-23T23:00:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3px5-wjh3-9x6r/GHSA-3px5-wjh3-9x6r.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-3px5-wjh3-9x6r
Finding: F425
Auto approve: 1