CVE-2021-27909

Cross-site Scripting in packagist/mautic/core

Identifiers

CVE-2021-27909, GHSA-32hw-3pvh-vcvc

Package Slug

packagist/mautic/core

Vulnerability

Cross-site Scripting

Description

There is an XSS vulnerability on Mautic's password reset page: the vulnerable `bundle` parameter in the URL could allow an attacker to execute JavaScript code. The attacker would need to convince or trick the target into clicking a password reset URL that uses the vulnerable parameter.

Affected Versions

All versions before 3.3.4, and all versions starting from 4.0.0-alpha1 before 4.0.0

Solution

Upgrade to version 3.3.4, 4.0.0 or above.

Last Modified

2021-09-13