CVE-2020-35129
CVE-2020-35129 is a critical-severity vulnerability with a CVSS base score of 9.0 out of 10. Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. EPSS estimates a 1.01% probability of exploitation in the next 30 days.
Description
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mautic | Mautic | < 3.2.4 |
References
- https://forum.mautic.org/c/announcements/16 (Vendor Advisory)
- https://labs.bishopfox.com/advisories/mautic-version-3.2.2 (Third Party Advisory)
Source: NVD / NIST
