Описание
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.
This could lead to the user having elevated access to the system.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.0.0 (включая) до 4.4.12 (исключая)
Одно из
cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:1.0.0:-:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:1.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:1.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:1.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:1.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:1.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:acquia:mautic:1.0.0:rc4:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00193
Низкий
7.6 High
CVSS3
9 Critical
CVSS3
Дефекты
CWE-80
CWE-79
Связанные уязвимости
CVSS3: 7.6
github
почти 2 года назад
Mautic vulnerable to stored cross-site scripting in description field
EPSS
Процентиль: 41%
0.00193
Низкий
7.6 High
CVSS3
9 Critical
CVSS3
Дефекты
CWE-80
CWE-79