GHSA-p7v4-gm6j-cw9m

Suggest an improvement
Source
https://github.com/advisories/GHSA-p7v4-gm6j-cw9m
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/01/GHSA-p7v4-gm6j-cw9m/GHSA-p7v4-gm6j-cw9m.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-p7v4-gm6j-cw9m
Aliases
  • CVE-2021-3142
Published
2021-01-29T20:51:20Z
Modified
2024-11-30T05:32:29.148701Z
Summary
XSS in Mautic
Details

Impact

This is a cross-site scripting vulnerability relating to creating/editing a company which requires the user to be logged in as an administrator to be executed.

This vulnerability was reported by Dardan Prebreza at Bishop Fox.

Patches

Upgrade to 3.2.4 or 2.16.5.

Link to patch for 2.x versions: https://github.com/mautic/mautic/compare/2.16.4...2.16.5.diff

Link to patch for 3.x versions: https://github.com/mautic/mautic/compare/3.2.2...3.2.4.diff

Workarounds

None

References

https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4

For more information

If you have any questions or comments about this advisory: * Post in https://forum.mautic.org/c/support * Email us at security@mautic.org

Database specific
{
    "nvd_published_at": "2021-01-28T06:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2021-01-29T20:31:59Z"
}
References

Affected packages

Packagist / mautic/core

Package

Name
mautic/core
Purl
pkg:composer/mautic/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.2.4

Affected versions

3.*

3.0.0
3.0.1
3.0.2-rc
3.0.2
3.1.0-rc
3.1.0
3.1.1-rc
3.1.1
3.1.2-rc
3.1.2
3.2.0-rc
3.2.0
3.2.1
3.2.2-rc
3.2.2
3.2.3

Packagist / mautic/core

Package

Name
mautic/core
Purl
pkg:composer/mautic/core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.16.5

Affected versions

2.*

2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.3.0
2.4.0
2.5.0
2.5.1
2.6.0
2.6.1
2.7.0
2.7.1
2.8.0
2.8.1
2.8.2
2.9.0-beta
2.9.0
2.9.1
2.9.2
2.10.0-beta
2.10.0
2.10.1
2.11.0-beta
2.11.0
2.12.0-beta
2.12.0
2.12.1-beta
2.12.1
2.12.2-beta
2.12.2
2.13.0-beta
2.13.0
2.13.1
2.14.0-beta
2.14.0
2.14.1-beta
2.14.1
2.14.2-beta
2.14.2
2.15.0-beta
2.15.0
2.15.1-beta
2.15.1
2.15.2-beta
2.15.2
2.15.3-beta
2.15.3
2.16.0-beta
2.16.0
2.16.1-beta
2.16.1
2.16.2-beta
2.16.2
2.16.3-beta
2.16.3
2.16.4