Home > Vulnerability Database > CVE-2021-27917

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2021-27917

Good to know:

Date: September 18, 2024

Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.

Language: PHP

Severity Score

7.3

Related Resources (6)

Url: https://github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98

Url: https://github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564

Url: https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2

Url: https://github.com/mautic/mautic

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-27917

Url: https://www.mend.io/vulnerability-database/CVE-2021-27917

Severity Score

7.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version mautic/core - dev-all-contributors/add-danadelion;mautic/core - dev-php8;mautic/core - 5.1.x-dev;mautic/core - dev-codesee-arch-diagram-workflow-1665131683198;mautic/core - dev-Replace_uses_of_Symfony_Component_Debug_Debug;mautic/core - dev-all-contributors/add-Hugo-Prossaird;mautic/core - dev-dennisameling-patch-2;mautic/core - dev-revert-14311-e2e-tests-workflow;mautic/core - dev-add-issue-form-template;mautic/core - 4.1.0;mautic/core - dev-all-contributors/add-dsp76;mautic/core - dev-fix-utm-content-191-lenght;mautic/core - dev-apply-recommended-fixes;mautic/core - dev-all-contributors/add-alanhartless;mautic/core - 6.0.0-alpha;mautic/core - 3.1.0-rc;mautic/core - dev-all-contributors/add-kingsedem;mautic/core - dev-all-contributors/add-andersonjeccel;mautic/core - dev-report-query-with-debug-mode;mautic/core - dev-hide-category-list-from-download-action;mautic/core - dev-add-core-lib-files;mautic/core - dev-dependabot/npm_and_yarn/multi-84ce394ccb;mautic/core - dev-dependabot/npm_and_yarn/dot-github/scripts/multi-7324c79407;mautic/core - dev-all-contributors/add-adiux;mautic/core - 2.7.1;mautic/core - 5.x-dev;mautic/core - dev-fix-segment-rebuild-timezone;mautic/core - 4.0.0-alpha1;mautic/core - dev-revert-12914-move-file;mautic/core - dev-all-contributors/add-mlahlouh;mautic/core - dev-all-contributors/add-matbcvo;mautic/core - 2.4.0;mautic/core - dev-dependabot/npm_and_yarn/plugins/GrapesJsBuilderBundle/ansi-regex-5.0.1;mautic/core - dev-all-contributors/add-alfredoct96;mautic/core - dev-dependabot/composer/twig/twig-3.14.1;mautic/core - dev-all-contributors/add-volha-pivavarchyk;mautic/core - dev-exclude-bounty-stalebot;mautic/core - dev-m-mautic-org-asset;mautic/core - dev-fix-remove-from-campaign-without-date-last-exited;mautic/core - dev-update-pr-template;mautic/core - dev-fix-unset-company;mautic/core - dev-update-GitHub-actions-support-queue;mautic/core - dev-dependabot/composer/symfony/var-dumper-6.4.4;mautic/core - dev-sms-token-support-5x;mautic/core - dev-fix-default-order-dir-controller;mautic/core - dev-fix-monorepo-4.0;mautic/core - 2.8.0;mautic/core - dev-all-contributors/add-TS16V;mautic/core-lib - 5.x-dev;mautic/core-lib - 5.1.x-dev

Learn More

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2021-27917

Good to know:

Date: September 18, 2024

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?