CVE-2020-35124

Published January 28th, 2021

View on NVD ↗

CVSS v3

9.6

CRITICAL

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.

mautic/mautic

Mautic: Open Source Marketing Automation Software.

GitHub

9.82K