CVE-2021-27909

Опубликовано: 30 авг. 2021

Источник: nvd

CVSS3: 6.3

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.

Ссылки

https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc
Patch
Third Party Advisory
https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*

Версия до 3.3.4 (исключая)

cpe:2.3:a:acquia:mautic:4.0.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:acquia:mautic:4.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:acquia:mautic:4.0.0:rc:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.18658

Средний

6.3 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-32hw-3pvh-vcvc

CVSS3: 6.3

github

больше 4 лет назад

XSS vulnerability on password reset page

EPSS

Процентиль: 95%

0.18658

Средний

6.3 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79