CVE-2021-27915

XSS Cross-site Scripting Stored (XSS) - Description field

Severity Score

7.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.

This could lead to the user having elevated access to the system.

*Credits: Lenon Leite, Lenon Leite

CVSS Scores

Mauticv3.1 7.6

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2021-03-02 CVE Reserved
2024-09-17 CVE Published
2024-09-17 CVE Updated
2024-09-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CAPEC

CAPEC-592: Stored XSS

References (1)

URL	Tag	Source
https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mautic Search vendor "Mautic"		Mautic Search vendor "Mautic" for product "Mautic"				<= 4.4.11 Search vendor "Mautic" for product "Mautic" and version " <= 4.4.11"		en		Affected