CVE-2021-27915: Mautic vulnerable to stored cross-site scripting in description field

April 11, 2024 (updated September 30, 2024)

Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.

This could lead to the user having elevated access to the system.

References

github.com/advisories/GHSA-2rc5-2755-v422
github.com/mautic/mautic
github.com/mautic/mautic/commit/2d648394e183b1d2d910cea32e89d40a5915b5d4
github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422
nvd.nist.gov/vuln/detail/CVE-2021-27915

Code Behaviors & Features

Detect and mitigate CVE-2021-27915 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →