Moderate severityNVD Advisory· Published Sep 18, 2024· Updated Sep 19, 2024
XSS in contact tracking and page hits report
CVE-2021-27917
Description
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mautic/core-libPackagist | >= 1.0.0-beta4, < 4.4.13 | 4.4.13 |
mautic/core-libPackagist | >= 5.0.0-alpha, < 5.1.1 | 5.1.1 |
mautic/corePackagist | >= 1.0.0-beta4, < 4.4.13 | 4.4.13 |
mautic/corePackagist | >= 5.0.0-alpha, < 5.1.1 | 5.1.1 |
Affected products
3- ghsa-coords2 versions
>= 1.0.0-beta4, < 4.4.13+ 1 more
- (no CPE)range: >= 1.0.0-beta4, < 4.4.13
- (no CPE)range: >= 1.0.0-beta4, < 4.4.13
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-xpc5-rr39-v8v2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-27917ghsaADVISORY
- github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98ghsaWEB
- github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564ghsaWEB
- github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2ghsaWEB
News mentions
0No linked articles in our index yet.