CVE-2021-27909, GHSA-32hw-3pvh-vcvc
packagist/mautic/core
Cross-site Scripting
There is an XSS vulnerability on Mautic's password reset page, where the vulnerable "bundle" parameter in the URL could allow an attacker to execute JavaScript code. The attacker would need to convince or trick the target into clicking a password reset URL that uses the vulnerable parameter.
All versions before 3.3.4, all versions starting from 4.0.0-alpha1 before 4.0.0
Upgrade to version 3.3.4, 4.0.0 or above.
2021-09-13