CVE-2020-35129 Information
Jun 07, 2022
cve
Description
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring an application feature could attack other users including administrators. For example an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Reference
https://forum.mautic.org/c/announcements/16 https://labs.bishopfox.com/advisories/mautic-version-3.2.2
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.0
Share on: