CVE-2021-27912: Cross-site Scripting

August 30, 2021 (updated September 3, 2021)

Mautic is vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.

References

nvd.nist.gov/vuln/detail/CVE-2021-27912

Detect and mitigate CVE-2021-27912 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →