Critical severity9.0NVD Advisory· Published Jan 19, 2021· Updated Jun 17, 2026
CVE-2020-35128
CVE-2020-35128
Description
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mautic/corePackagist | >= 3.2.0, < 3.2.4 | 3.2.4 |
mautic/corePackagist | >= 2.0.0, < 2.16.5 | 2.16.5 |
Affected products
2- Mautic/Mauticdescription
Patches
Vulnerability mechanics
References
5- forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786nvdExploitVendor AdvisoryWEB
- forum.mautic.org/c/announcements/16nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-98j2-3jv7-274mghsaADVISORY
- labs.bishopfox.com/advisories/mautic-version-3.2.2nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-35128ghsaADVISORY
News mentions
0No linked articles in our index yet.