PT-2021-11711 · Mautic · Mautic

Naveen Sunkavally · Published 2021-02-09 · Updated 2024-05-15

CVE-2020-35125 · CVSS v3.1 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Mautic 2.x versions prior to 2.16.5 and Mautic 3.x versions prior to 3.2.4.
Description: A cross-site scripting (XSS) issue in the forms component allows remote attackers to inject executable JavaScript via the mautic[return] parameter. As with any XSS, exploitation requires a victim to open a crafted link (UI:R in the vector); if that victim is a logged-in Mautic administrator, the injected script runs with their privileges, which is how the issue could give an attacker unauthorized administrator-level access to Mautic. The vulnerability was reported by Naveen Sunkavally at Horizon3.ai.
Recommendations: Mautic 2.x installations should upgrade to 2.16.5; Mautic 3.x installations should upgrade to 3.2.4. As a temporary workaround until the patch is applied, consider restricting access to the forms component, noting that this also prevents legitimate visitors from submitting those forms.
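The advisory gives the vulnerable parameter but no detection guidance, so the following is an added hunt script (written for this page, not Horizon3.ai's exploit or Mautic's own code). It parses common-log-format web server lines, pulls out every mautic[return] value sent in a query string (raw or percent-encoded brackets), and classifies it: a plain relative path is what the application expects, an absolute or protocol-relative URL is an open-redirect attempt worth a look, and anything containing markup or a script scheme is an XSS attempt. The log lines and the /form/submit path are constructed for illustration. One caveat a practitioner should keep in mind: a form submission normally carries mautic[return] in the POST body, which access logs do not record, so this catches only attempts that put the payload in the URL; covering POST bodies needs request-body logging or a WAF.

```python
"""Hunt for XSS / open-redirect attempts against Mautic's mautic[return]
parameter in web access logs.  Added example for this advisory; the log
lines below are constructed, not real traffic."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common log format: client ident user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) \S+')

# Substrings that never belong in a legitimate return path.  Bare "script"
# is deliberately absent so paths such as /scripts/ are not flagged.
SUSPICIOUS = ("<", ">", "javascript:", "data:", "onerror=", "onload=")


def classify_return(value: str) -> str:
    """Classify a mautic[return] value.

    Returns 'ok' for a same-site relative path, 'external' for an absolute or
    protocol-relative URL (open-redirect attempt), 'xss' for script-like content.
    The value is percent-decoded once more here so double-encoded payloads are
    still caught after parse_qs has already decoded them once.
    """
    lowered = unquote(value).lower()
    if any(token in lowered for token in SUSPICIOUS):
        return "xss"
    parts = urlsplit(lowered)
    if parts.scheme or parts.netloc:
        return "external"
    return "ok"


def return_params(path: str) -> list[str]:
    """Return every mautic[return] value in a request path's query string.

    parse_qs decodes keys, so both 'mautic[return]' and 'mautic%5Breturn%5D'
    arrive as the same key.
    """
    params = parse_qs(urlsplit(path).query, keep_blank_values=True)
    values: list[str] = []
    for key, vals in params.items():
        if unquote(key) == "mautic[return]":
            values.extend(vals)
    return values


def hunt(log_text: str) -> list[dict]:
    """One finding per request whose mautic[return] value is not a plain relative path."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a common-log-format line; skip it
        client, ts, method, path, status = m.groups()
        for value in return_params(path):
            verdict = classify_return(value)
            if verdict != "ok":
                findings.append({"client": client, "time": ts, "method": method,
                                 "status": status, "verdict": verdict,
                                 "value": unquote(value)})
    return findings


# Constructed sample traffic: one benign return path, one XSS payload,
# one open-redirect attempt, one unrelated request.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Feb/2021:10:00:01 +0000] "GET /form/submit?formId=3&mautic%5Breturn%5D=%2Fs%2Fdashboard HTTP/1.1" 302 0
203.0.113.7 - - [09/Feb/2021:10:00:05 +0000] "GET /form/submit?formId=3&mautic%5Breturn%5D=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 1024
203.0.113.9 - - [09/Feb/2021:10:00:09 +0000] "GET /form/submit?formId=3&mautic[return]=https://attacker.example/steal HTTP/1.1" 302 0
203.0.113.9 - - [09/Feb/2021:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 4096
"""

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} {f['verdict']:8} {f['value']}")
```

Run against the constructed sample, the script reports the second and third lines (the XSS payload and the external redirect) and ignores the benign dashboard return path. Against real logs, treat 'external' hits as lower severity than 'xss' hits, and expect occasional noise from vendors or integrations that legitimately pass absolute URLs.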

Weakness Enumeration

XSS (cross-site scripting, CWE-79)

Related Identifiers

CVE-2020-35125
GHSA-42Q7-95J7-W62M

Affected Products

Mautic