CVE-2017-1000488

Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
References
Link Resource
https://github.com/mautic/mautic/releases/tag/2.12.0 Exploit Release Notes Third Party Advisory
https://github.com/mautic/mautic/releases/tag/2.12.0 Exploit Release Notes Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:acquia:mautic:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.9.0:beta:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.10.0:beta:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:2.11.0:beta:*:*:*:*:*:*
cpe:2.3:a:mautic:mautic:2.9.0:*:*:*:*:*:*:*
cpe:2.3:a:mautic:mautic:2.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mautic:mautic:2.10.0:*:*:*:*:*:*:*
cpe:2.3:a:mautic:mautic:2.11.0:*:*:*:*:*:*:*

History

21 Nov 2024, 03:04

Type Values Removed Values Added
References () https://github.com/mautic/mautic/releases/tag/2.12.0 - Exploit, Release Notes, Third Party Advisory () https://github.com/mautic/mautic/releases/tag/2.12.0 - Exploit, Release Notes, Third Party Advisory

Information

Published : 2018-01-03 16:29

Updated : 2024-11-21 03:04


NVD link : CVE-2017-1000488

Mitre link : CVE-2017-1000488

CVE.ORG link : CVE-2017-1000488


JSON object : View

Products Affected

mautic

  • mautic

acquia

  • mautic
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')