Base Score

MEDIUM5.4

CVE-2021-27917

Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.

VectorNETWORK

Published Bysecurity@mautic.org

Published DateSep 18, 2024, 22:15

Affected Versions(4)

mautic/core-lib(Packagist)

Introduced1.0.0-beta4

Fixed4.4.13

LimitN/A

mautic/core-lib(Packagist)

Introduced5.0.0-alpha

Fixed5.1.1

LimitN/A

mautic/core(Packagist)

Introduced1.0.0-beta4

Fixed4.4.13

LimitN/A

mautic/core(Packagist)

Introduced5.0.0-alpha

Fixed5.1.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
mautic/core-lib(Packagist)	1.0.0-beta4	4.4.13	N/A
mautic/core-lib(Packagist)	5.0.0-alpha	5.1.1	N/A
mautic/core(Packagist)	1.0.0-beta4	4.4.13	N/A
mautic/core(Packagist)	5.0.0-alpha	5.1.1	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2

Base Score

MEDIUM5.4

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE