CVE-2017-1000506
Published 2018-02-09
CVE-2017-1000506: Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of…
Priority P4 · 21 · medium · 6.1 · CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.11% (61.7th percentile)
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mautic | core | >= 0 < 2.14.2 | 2.14.2 |
| mautic | mautic | <= 2.11.0 | — |
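CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |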
GHSA
Mautic Cross Site Scripting (XSS) vulnerability
ghsa·2022-05-14
CVE-2017-1000506 [MEDIUM] CWE-79 Mautic Cross Site Scripting (XSS) vulnerability
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code.
OSV
Mautic Cross Site Scripting (XSS) vulnerability
osv·2022-05-14
CVE-2017-1000506 [MEDIUM] Mautic Cross Site Scripting (XSS) vulnerability
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2018-02-09