Headline
CVE-2021-27914
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable JavaScript.
⚠️ After this security fix was released we identified an issue which has been resolved in releasing hotfix version 4.3.1.
Impact
Mautic allows you to install the application via an installer.
The installer logic doesn't sufficiently sanitise the input of the install information, which may lead to a vulnerable situation.
This vulnerability is mitigated by the fact that the attacker needs to have access to the install process.
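As an added illustration of the class of defect described above (not Mautic's own code, and not the actual vulnerable location, which this advisory does not disclose), the following PHP snippet shows an installer-style page that echoes a user-supplied site name back into HTML. The function names, the `site_name` field and the sample input are all constructed for this example. The first render trusts the input as-is; the second applies context-appropriate output encoding with `htmlspecialchars`, which is the standard mitigation for reflected or stored XSS in PHP templates.

```php
<?php
declare(strict_types=1);

// Constructed sample input: what an installer form might receive for a
// "site name" field. The tag is here only to show that unencoded output
// would be interpreted as markup by the browser.
$installInput = ['site_name' => 'Demo <script>alert(1)</script> Site'];

// Vulnerable pattern (illustrative): the value is interpolated into HTML
// without encoding, so any markup in it is rendered by the browser.
function renderSummaryUnsafe(array $input): string
{
    return '<p>Installing site: ' . $input['site_name'] . '</p>';
}

// Hardened pattern: encode for the HTML body context before output.
// ENT_QUOTES also encodes single quotes, which matters if the same value
// is ever placed inside an attribute; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function renderSummarySafe(array $input): string
{
    $name = htmlspecialchars($input['site_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Installing site: ' . $name . '</p>';
}

// Simple self-check a reviewer can run: the hardened output must not
// contain the raw tag, while the unsafe one does.
$unsafe = renderSummaryUnsafe($installInput);
$safe   = renderSummarySafe($installInput);

echo $unsafe, PHP_EOL;
echo $safe, PHP_EOL;

if (str_contains($unsafe, '<script>') && !str_contains($safe, '<script>')) {
    echo "Output encoding applied correctly.", PHP_EOL;
} else {
    echo "Encoding check failed.", PHP_EOL;
    exit(1);
}
```

Run it with `php example.php`. The hardened output renders the angle brackets as `&lt;script&gt;`, so the browser displays the text instead of executing it. Encoding belongs at the point of output, chosen for the context (HTML body, attribute, JavaScript, URL); input validation on the installer form is a useful second layer but is not a substitute.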
Patches
Please upgrade to 4.3.1.
Workarounds
None.
References
- Internally tracked under MST-28
For more information
If you have any questions or comments about this advisory:
- Email us at [email protected]