9.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-35128

GHSA ID

GHSA-98j2-3jv7-274m

EPSS Score

0.69921%

CWE

CWE-79

Published

5/24/2022

Updated

4/23/2024

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-35128

CVE-2020-35128: Mautic stored Cross-site Scripting (XSS)

Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-35128

CVE-2020-35128:

9.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-35128

GHSA ID

GHSA-98j2-3jv7-274m

EPSS Score

0.69921%

CWE

CWE-79

Published

5/24/2022

Updated

4/23/2024

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mautic/core	composer	>= 3.2.0, < 3.2.4	3.2.4
mautic/core	composer	>= 2.0.0, < 2.16.5	2.16.5

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key points: 1) Insufficient input sanitization when storing company names (handled by CompanyController's save action), evidenced by Bishop Fox's PoC showing raw HTML in companyname parameter. 2) Lack of output encoding in templates displaying company names, as shown by XSS triggering in multiple contexts (dashboard, contact views). The combination allows stored payloads to persist and execute. While exact file paths are inferred from standard Mautic structure, the attack pattern and CVE description strongly implicate these core handling mechanisms.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-35128: Mautic stored Cross-site Scripting (XSS)

CVE-2020-35128:

9.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

9.1

9.1

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2020-35128: Mautic stored Cross-site Scripting (XSS)

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI