CVE-2020-35125
Cross-site Scripting in packagist/mautic/core
Identifiers
CVE-2020-35125, GHSA-42q7-95j7-w62m
Package Slug
packagist/mautic/core
Vulnerability
Cross-site Scripting
Description
A cross-site scripting (XSS) vulnerability in the forms component of Mautic allows remote attackers to inject executable JavaScript via mauticreturn.
Affected Versions
All versions before 2.16.5, all versions starting from 3.0.0 before 3.2.4
Solution
Upgrade to versions 2.16.5, 3.2.4 or above.
Last Modified
2021-02-18
| source |