GHSA-p7v4-gm6j-cw9m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p7v4-gm6j-cw9m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/01/GHSA-p7v4-gm6j-cw9m/GHSA-p7v4-gm6j-cw9m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-p7v4-gm6j-cw9m
- Aliases
-
- CVE-2021-3142
- Published
- 2021-01-29T20:51:20Z
- Modified
- 2024-11-30T05:39:13.234035Z
- Summary
- XSS in Mautic
- Details
-
Impact
This is a cross-site scripting vulnerability relating to creating/editing a company which requires the user to be logged in as an administrator to be executed.
This vulnerability was reported by Dardan Prebreza at Bishop Fox.
Patches
Upgrade to 3.2.4 or 2.16.5.
Link to patch for 2.x versions: https://github.com/mautic/mautic/compare/2.16.4...2.16.5.diff
Link to patch for 3.x versions: https://github.com/mautic/mautic/compare/3.2.2...3.2.4.diff
Workarounds
None
References
https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
For more information
If you have any questions or comments about this advisory: * Post in https://forum.mautic.org/c/support * Email us at security@mautic.org
- Database specific
{ "nvd_published_at": "2021-01-28T06:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-01-29T20:31:59Z" }- References
-
- https://github.com/mautic/mautic/security/advisories/GHSA-p7v4-gm6j-cw9m
- https://nvd.nist.gov/vuln/detail/CVE-2021-3142
- https://github.com/mautic/mautic/commit/ba31db23e664f889da55a29ff27f797e2ab5cb1b
- https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-3142.yaml
- https://github.com/mautic/mautic/releases/tag/3.2.4
- https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-3
- https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
Affected packages
Packagist / mautic/core
Package
- Name
- mautic/core
- Purl
- pkg:composer/mautic/core
Packagist / mautic/core
Package
- Name
- mautic/core
- Purl
- pkg:composer/mautic/core
Affected versions
2.*
2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.3.0
2.4.0
2.5.0
2.5.1
2.6.0
2.6.1
2.7.0
2.7.1
2.8.0
2.8.1
2.8.2
2.9.0-beta
2.9.0
2.9.1
2.9.2
2.10.0-beta
2.10.0
2.10.1
2.11.0-beta
2.11.0
2.12.0-beta
2.12.0
2.12.1-beta
2.12.1
2.12.2-beta
2.12.2
2.13.0-beta
2.13.0
2.13.1
2.14.0-beta
2.14.0
2.14.1-beta
2.14.1
2.14.2-beta
2.14.2
2.15.0-beta
2.15.0
2.15.1-beta
2.15.1
2.15.2-beta
2.15.2
2.15.3-beta
2.15.3
2.16.0-beta
2.16.0
2.16.1-beta
2.16.1
2.16.2-beta
2.16.2
2.16.3-beta
2.16.3
2.16.4