Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.
This could lead to the user having elevated access to the system.
References
Link | Resource |
---|---|
https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Sep 2024, 00:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.0 |
References | () https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422 - Vendor Advisory | |
First Time |
Acquia mautic
Acquia |
|
CWE | CWE-79 | |
CPE | cpe:2.3:a:acquia:mautic:1.0.0:-:*:*:*:*:*:* cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:acquia:mautic:1.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:acquia:mautic:1.0.0:beta4:*:*:*:*:*:* cpe:2.3:a:acquia:mautic:1.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* cpe:2.3:a:acquia:mautic:1.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:acquia:mautic:1.0.0:rc3:*:*:*:*:*:* cpe:2.3:a:acquia:mautic:1.0.0:rc4:*:*:*:*:*:* |
20 Sep 2024, 12:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 Sep 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-17 14:15
Updated : 2024-09-29 00:22
NVD link : CVE-2021-27915
Mitre link : CVE-2021-27915
CVE.ORG link : CVE-2021-27915
JSON object : View
Products Affected
acquia
- mautic