GHSA-9hx7-rg7w-xm79

Опубликовано: 19 янв. 2021

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

XSS vulnerability in company name field in Mautic

Impact

Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code.

Patches

Update to 2.14.0 or later.

Workarounds

None.

For more information

If you have any questions or comments about this advisory:

Email us at security@mautic.org

Ссылки

Пакеты

Наименование

mautic/core

composer

Затронутые версииВерсия исправления

< 2.11.0

2.14.0

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2018-11200

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-11200

CVSS3: 6.1

nvd

больше 6 лет назад

An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field.

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2018-11200

Дефекты

CWE-79