CVE-2020-35128

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 3.2.4

Description: The issue allows an attacker with permission to manage companies to perform stored XSS attacks on other users, including administrators. By loading an externally crafted JavaScript file, the attacker could eventually perform actions as the target user, such as changing user passwords, altering user or email addresses, or adding a new administrator to the system.

Recommendations: For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the permission to manage companies to trusted users only, and avoid loading externally crafted JavaScript files.