Vulnerability Database
296,137
Total vulnerabilities in the database
CVE-2020-35125
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
| Software | From | Fixed in |
|---|---|---|
| acquia / mautic | 3.0.0 | 3.2.4 |
| acquia / mautic | - | 2.16.5 |
mautic / core
|
- | 2.16.5 |
|
mautic / core
|
3.0.0 | 3.2.4 |
- https://forum.mautic.org/c/announcements/16
- https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35125.yaml
- https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m
- https://packagist.org/packages/mautic/core
- https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce
- https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4