High severity7.1NVD Advisory· Published Aug 30, 2021· Updated Jun 17, 2026
CVE-2021-27912
CVE-2021-27912
Description
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mautic/corePackagist | < 3.3.4 | 3.3.4 |
mautic/corePackagist | >= 4.0.0-alpha1, < 4.0.0 | 4.0.0 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-rh5w-82wh-jhr8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-27912ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27912.yamlghsaWEB
News mentions
0No linked articles in our index yet.