| Vendor |
|
| Product | Mautic |
| Affected Version(s) | 2.16.2 and probably prior |
| Tested Version(s) | 2.16.2 |
| Vendor Notification | June 8, 2020 |
| Advisory Publication | June 8, 2020 [without technical details] |
| Vendor Fix | N/A |
| Public Disclosure | N/A |
| Latest Modification | June 8, 2020 |
| CVE Identifier(s) | Pending |
| Product Description | Mautic enables brands to integrate and personalize all their digital properties and channels into a seamless customer experience. With it’s modern approach to marketing automation, Mautic’s suite of tools enables marketers to deliver higher performing campaigns and content, and achieve superior results. |
| Credits | Min Thu Han, Security Researcher & Penetration Tester @wizlynx group |
| Reflected Cross-Site Scripting (XSS) Vulnerability | |||
| Severity: Medium | CVSS Score: 5.4 | CWE-ID: CWE-79 | Status: Not Fixed |
| Vulnerability Description | |||
| The application Mautic is affected by a reflected Cross-Site Scripting (XSS) vulnerability affecting version 2.16.2 and probably prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. | |||
| CVSS Base Score | |||
| Attack Vector | Network | Scope | Changed |
| Attack Complexity | Low | Confidentiality Impact | Low |
| Privileges Required | Low | Integrity Impact | Low |
| User Interaction | Required | Availability Impact | None |
Full details about the vulnerability will be disclosed once the vendor has provided a patch.