CVE-2020-35125

Cross-site Scripting in packagist/mautic/core

Identifier

CVE-2020-35125

Package Slug

packagist/mautic/core

Vulnerability

Cross-site Scripting

Description

A cross-site scripting (XSS) vulnerability in the forms component of Mautic allows remote attackers to inject executable JavaScript via mauticreturn.

Affected Versions

All versions before 2.16.5, all versions starting from 3.0.0 before 3.2.4

Solution

Upgrade to versions 2.16.5, 3.2.4 or above.

Last Modified

2021-02-18

source