CVE-2021-27915

CRITICAL Year: 2021
CVSS v3 Score
9.0
Critical
Weakness Type
CWE-80
View all →

Vulnerability Description

Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.

Related Vulnerabilities

CVE-2022-25620

CRITICAL
CVSS:9.0(Critical)

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows AUTHENTICATED user to cause execute arbitr...

CWE-802022

CVE-2024-52300

CRITICAL
CVSS:9.0(Critical)

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact ...

CWE-802024

CVE-2022-21145

CRITICAL
CVSS:9.1(Critical)

A stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can lead to arbitrary Javascript code in...

CWE-802022

CVE-2022-28703

CRITICAL
CVSS:9.1(Critical)

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrar...

CWE-802022

CVE-2019-13923

CRITICAL
CVSS:9.6(Critical)

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could allow Cross-Site Scripting (XSS) attacks...

CWE-802019

CVE-2020-13562

CRITICAL
CVSS:9.6(Critical)

A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a craft...

CWE-802020