VYPR
High severity7.1NVD Advisory· Published Aug 30, 2021· Updated Jun 17, 2026

CVE-2021-27912

CVE-2021-27912

Description

Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
mautic/corePackagist
< 3.3.43.3.4
mautic/corePackagist
>= 4.0.0-alpha1, < 4.0.04.0.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.