CVE-2020-35125, GHSA-42q7-95j7-w62m
packagist/mautic/core
Cross-site Scripting
A cross-site scripting (XSS) vulnerability in the forms component of Mautic allows remote attackers to inject executable JavaScript via mauticreturn.
All versions before 2.16.5, all versions starting from 3.0.0 before 3.2.4
Upgrade to versions 2.16.5, 3.2.4 or above.
2021-02-18
source |