CVE-2017-1000488

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-1000488

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000488.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-1000488

Aliases

GHSA-qjhr-c23f-w76q

Published

2018-01-03T16:29:00.183Z

Modified

2026-04-10T03:54:43.802593Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.

References

https://github.com/mautic/mautic/releases/tag/2.12.0

Affected packages

Git / github.com/mautic/mautic

Affected ranges

Type

GIT

Repo

https://github.com/mautic/mautic

Events

Introduced

Last affected

fbffb1d7eb4aa33221849f8e0f2a0075ab7c82fa

Introduced

Last affected

b9b8dfa37f33d48b8d60a8f6248a61b5f3f59573

Introduced

Last affected

7b731c4043211f861ef3ba1df7bd05741704baad

Introduced

Last affected

33c2c1a7d0aba3fae35c18c146a253909b1f0d6f

Introduced

Last affected

078224f8cf6d04c97d61e1b5bde9b186d6294b64

Introduced

Last affected

d8c08b0cdf13dd34b2f214b06d543023f02a4c01

Introduced

Last affected

dca3b03f8ab26600cb875556b1a276995680de32

Introduced

Last affected

faf9d26cde1c1ac0b268e2673146965569dfec04

Introduced

Last affected

dc3d7c188e8c6f389614a18e427b99b4280baedb

Introduced

Last affected

a4b9da32d287162a1311ec3efe6ba2eb83f000db

Introduced

Last affected

7330d195bdbf0886238f92f04add5eda9c04f3fa

Introduced

Last affected

3ed237d8d44cbd269a16e18530106ed92935a518

Introduced

Last affected

f34c537b3b2a82f8c78a70d1890096ddecc27957

Introduced

Last affected

d6c7ddb1f9456d54753cb1dbb9de8eb9103609e1

Introduced

Last affected

3a74446999140733c1a1210c39284d1f25a46a81

Introduced

Last affected

c40a4564db86d057606f1b3d4325823933f1eecb

Introduced

Last affected

64527a76a0c48f54c543a919fdec00a743eee002

Introduced

Last affected

e9bc0ada5bd51acb977d0f60e0b4e4073acc6dc4

Introduced

Last affected

50c4adadf9fe56d34bb8884ee2215d2ad7e8692a

Introduced

Last affected

d0779771677645e56799c62b9612371244e553a2

Introduced

Last affected

0d8cb6272ca2d662f295567cafd9d7ff88ebedff

Introduced

Last affected

5c2f3c22b008666aed443dffc2268649ee7ea19e

Introduced

Last affected

6c7d52e0a4e3491ab9ad7f8b484e3dc4b19ece4a

Introduced

Last affected

ba4c58a5d12119f6c23cf28b60da0965d20a7513

Fixed

4f160841ac32ca5961d892daba75ae19953525dc

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.6.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.8.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9.0-beta"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.10.0-beta"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.10.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0-beta"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.9.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.10.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.11.0"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.0-beta2

1.0.0-beta3

1.0.0-beta4

1.0.0-rc1

1.0.0-rc2

1.0.0-rc3

1.0.0-rc4

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.1.0

1.1.1

1.1.2

1.1.3

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.3.0

1.3.1

1.4.0

1.4.1

2.*

2.0.0

2.0.1

2.1.0

2.1.1

2.10.0

2.10.0-beta

2.10.1

2.11.0

2.11.0-beta

2.2.0

2.2.1

2.3.0

2.4.0

2.5.0

2.5.1

2.6.0

2.6.1

2.7.0

2.7.1

2.8.0

2.8.1

2.8.2

2.9.0

2.9.0-beta

2.9.1

2.9.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000488.json"