Vulnerability Description
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
CVSS Score
9.6
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Acquia | Mautic | < 3.2.4 |
Related Weaknesses (CWE)
References
- https://forum.mautic.org/c/announcements/16Vendor Advisory
- https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858mThird Party Advisory
- https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rceThird Party Advisory
- https://www.mautic.org/blog/community/security-release-all-versions-mautic-priorRelease NotesThird Party Advisory
- https://forum.mautic.org/c/announcements/16Vendor Advisory
- https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858mThird Party Advisory
- https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rceThird Party Advisory
- https://www.mautic.org/blog/community/security-release-all-versions-mautic-priorRelease NotesThird Party Advisory
FAQ
What is CVE-2020-35124?
CVE-2020-35124 is a vulnerability with a CVSS score of 9.6 (CRITICAL). A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
How severe is CVE-2020-35124?
CVE-2020-35124 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-35124?
Check the references section above for vendor advisories and patch information. Affected products include: Acquia Mautic.