CVE-2021-3142
published 2021-01-29


Severity: high

XSS in Mautic

### Impact
This is a cross-site scripting vulnerability in the company create/edit functionality; triggering it requires the user to be logged in as an administrator.

This vulnerability was reported by Dardan Prebreza at Bishop Fox.

### Patches
Upgrade to 3.2.4 or 2.16.5.

Link to patch for 2.x versions: https://github.com/mautic/mautic/compare/2.16.4...2.16.5.diff

Link to patch for 3.x versions: https://github.com/mautic/mautic/compare/3.2.2...3.2.4.diff

### Workarounds
None

### References
https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4

### For more information
If you have any questions or comments about this advisory:
* Post in https://forum.mautic.org/c/support
* Email us at [email protected]

Affected

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| mautic | core | >= 2.0.0, < 2.16.5 | 2.16.5 |
| mautic | core | >= 3.0.0, < 3.2.4 | 3.2.4 |
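The affected-version table above is the check most readers of this advisory actually need to run: is our installed Mautic inside one of the two ranges, and if so, which release closes it? The script below is an added example, not Mautic project code; it embeds the two ranges exactly as the table gives them (lower bound inclusive, upper bound exclusive) and reports the fixed-in version for an installed version string. The `parse_version` and `affected_fix_version` names are this example's own.

```python
"""Check an installed Mautic version against the affected ranges listed in the
CVE-2021-3142 advisory.  Added example, not part of the Mautic project."""
import re
from typing import Optional, Tuple

# Ranges copied from the advisory's "Affected" table:
# (lower bound, inclusive; upper bound, exclusive; fixed-in release)
AFFECTED_RANGES = [
    ("2.0.0", "2.16.5", "2.16.5"),
    ("3.0.0", "3.2.4", "3.2.4"),
]

# Accepts "3.2.4", "v3.2.4" and "3.2.4-beta"; anything after the patch number is ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) as integers so comparisons are numeric, not lexical."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def affected_fix_version(installed: str) -> Optional[str]:
    """Return the fixed-in version if `installed` is inside an affected range, else None."""
    v = parse_version(installed)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= v < parse_version(high):
            return fixed
    return None


def main() -> None:
    # Constructed sample inputs covering both ranges and their boundaries.
    for sample in ["2.16.4", "2.16.5", "3.2.2", "3.2.4", "3.3.0", "1.4.0"]:
        fix = affected_fix_version(sample)
        status = f"affected, upgrade to {fix}" if fix else "not in the listed ranges"
        print(f"{sample}: {status}")


if __name__ == "__main__":
    main()
```

Note that the check reports only what the table lists: a 1.x install returns `None` because the ranges start at 2.0.0, not because 1.x is known to be safe, so treat a result of `None` outside the 2.x and 3.x lines as "not covered by this advisory" rather than "unaffected".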