← Back

CVE-2021-27917

nvd nist
Published: Sep 18, 2024Modified: Sep 27, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.

Affected (8)

Products: Acquia: Mautic
Acquia
1 product
Mautic
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Acquia
Mautic
After 1.0.0 to 4.4.13
Mautic
From 5.0.0 to 5.1.1
Mautic
Version 1.0.0
Mautic
Version 1.0.0 beta4
Mautic
Version 1.0.0 rc1
Mautic
Version 1.0.0 rc2
Mautic
Version 1.0.0 rc3
Mautic
Version 1.0.0 rc4

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

Source: security@mautic.org
Vendor Advisory

Timeline

No history available yet.