Critical severity9.6NVD Advisory· Published Jan 28, 2021· Updated Jun 17, 2026
CVE-2020-35124
CVE-2020-35124
Description
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mautic/corePackagist | >= 3.0.0, < 3.2.4 | 3.2.4 |
mautic/corePackagist | >= 2.0.0, < 2.16.5 | 2.16.5 |
Affected products
2- Mautic/Mauticdescription
Patches
Vulnerability mechanics
References
9- forum.mautic.org/c/announcements/16nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-39wj-j3jc-858mghsaADVISORY
- github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858mnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-35124ghsaADVISORY
- www.horizon3.ai/disclosures/mautic-unauth-xss-to-rcenvdThird Party AdvisoryWEB
- www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4nvdRelease NotesThird Party AdvisoryWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35124.yamlghsaWEB
- github.com/mautic/mautic/commit/20c5dc39b62164f6922ce53ea42cbb4ccec64e57ghsaWEB
- packagist.org/packages/mautic/coreghsaWEB
News mentions
0No linked articles in our index yet.