Security Advisory

CVE-2021-27912

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-30 15:55:17

Last updated 2024-09-16 16:17:39

Assigner Mautic

State PUBLISHED

Description

Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.

← Browse all CVEs View on cve.org ↗