Vulnerability Details : CVE-2020-35129
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2020-35129
- cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-35129
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 42 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-35129
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST | |
9.0
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
2.3
|
6.0
|
NIST |
CWE ids for CVE-2020-35129
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-35129
-
https://labs.bishopfox.com/advisories/mautic-version-3.2.2
Mautic Version <=3.2.2Third Party Advisory
-
https://forum.mautic.org/c/announcements/16
Latest Announcements topics - Mautic Community ForumsVendor Advisory
Jump to