CVE-2021-27915

Published Sep 17, 2024

Last updated 2 months ago

CVSS critical 9.0

Overview

Description: Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.
Source: security@mautic.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

nvd@nist.gov: CWE-79
security@mautic.org: CWE-80

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71754804-5279-4236-8CE2-434BC23B4A30",
            "versionEndExcluding": "4.4.12",
            "versionStartIncluding": "1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:acquia:mautic:1.0.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99718D48-5C19-41C5-84E1-52E95F012830"
          },
          {
            "criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B21EB9D-BFCD-4D58-BCA6-3AAE6B3B9041"
          },
          {
            "criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C1C106B-1B3D-427D-8147-5527E610F569"
          },
          {
            "criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E35B0F0-9BF1-45FA-8954-B8BFB7389C4D"
          },
          {
            "criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "213A9276-B9D1-4B4D-BBE9-FC42B6D63DE1"
          },
          {
            "criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F366E4D8-1515-4E5F-8551-4C8D9E00D0D9"
          },
          {
            "criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4234B41-F219-45B7-83A1-8F0F652F2A8B"
          },
          {
            "criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA028F70-6020-47D6-BEC0-6FC0C7E18420"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References