CVE-2021-27909
XSS vulnerability on password reset page
Public Exploits: 0
Exploited in Wild: -
Descriptions
For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.
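The CWE-79 pattern the description refers to, as an added example that is not Mautic's code and not taken from the linked advisory: a URL query parameter reflected into HTML unescaped, beside the same reflection with HTML escaping applied, plus a simple check over access-log lines that flags requests to the reset page whose `bundle` value carries markup. The path `/passwordreset`, the form markup, the function names and the sample log lines are assumptions constructed for the illustration; the actual template and fix are in the GHSA advisory referenced below.

```python
import html
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Hypothetical names: the path and the markup below illustrate the CWE-79
# pattern the CVE text describes; they are not Mautic's code or routes.
RESET_PATH = "/passwordreset"
PARAM = "bundle"


def param_value(url: str) -> Optional[str]:
    """Return the percent-decoded 'bundle' query value, or None if absent."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(PARAM)
    return values[0] if values else None


def reflect_unsafe(url: str) -> str:
    """Vulnerable pattern: the raw parameter is concatenated into HTML,
    so a value such as  "><script>...  closes the attribute and injects a tag."""
    value = param_value(url) or ""
    return f'<form action="{RESET_PATH}?{PARAM}={value}">'


def reflect_safe(url: str) -> str:
    """Hardened pattern: HTML-escape the value, quotes included, before output."""
    value = param_value(url) or ""
    return f'<form action="{RESET_PATH}?{PARAM}={html.escape(value, quote=True)}">'


# Characters and tokens that have no business in this parameter.
SUSPICIOUS = re.compile(r"""[<>"']|javascript:|on\w+\s*=""", re.IGNORECASE)
# Request target out of a Common Log Format line.
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Retro-hunt: return (request_target, decoded_value) for reset-page
    requests whose 'bundle' parameter contains markup or script tokens."""
    hits = []
    for line in log_lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        target = m.group(1)
        if urlsplit(target).path != RESET_PATH:
            continue
        value = param_value(target)
        if value is not None and SUSPICIOUS.search(value):
            hits.append((target, value))
    return hits


# Constructed sample log lines (not real traffic); the second one carries
# a percent-encoded  "><script>alert(1)</script>  in the bundle parameter.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Sep/2021:12:00:00 +0000] "GET /passwordreset?bundle=user HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Sep/2021:12:00:07 +0000] "GET /passwordreset?bundle=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 560',
    '10.0.0.9 - - [10/Sep/2021:12:00:09 +0000] "GET /s/login?bundle=%3Cb%3E HTTP/1.1" 200 400',
]

if __name__ == "__main__":
    payload_url = "https://mautic.example/passwordreset?bundle=%22%3E%3Cscript%3Ealert(1)%3C/script%3E"
    print("unsafe:", reflect_unsafe(payload_url))
    print("safe:  ", reflect_safe(payload_url))
    for target, value in flag_requests(SAMPLE_LOGS):
        print("flagged:", target, "->", value)
```

The log check deliberately decodes the parameter before matching, since the payload arrives percent-encoded; it also restricts itself to the reset path so that benign use of a same-named parameter elsewhere does not raise noise.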
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-03-02 CVE Reserved
- 2021-08-30 CVE Published
- 2024-05-15 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Date | SRC
---|---|---
https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc | 2021-09-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Acquia | Mautic | < 3.3.4 | - | Affected
Acquia | Mautic | 4.0.0 | alpha1 | Affected
Acquia | Mautic | 4.0.0 | beta | Affected
Acquia | Mautic | 4.0.0 | rc | Affected