9.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-35129

GHSA ID

GHSA-3px5-wjh3-9x6r

EPSS Score

0.68973%

CWE

CWE-79

Published

5/24/2022

Updated

5/3/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-35129

CVE-2020-35129: Mautic stored Cross-site Scripting (XSS)

Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.

(GitHub Advisory)

9.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-35129

GHSA ID

GHSA-3px5-wjh3-9x6r

EPSS Score

0.68973%

CWE

CWE-79

Published

5/24/2022

Updated

5/3/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mautic/core	composer	< 3.2.4	3.2.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper input handling in Social Monitoring's title/name fields. The Controller action that processes form submissions (saveAction) and the Entity setter method (setTitle) that persists the data are critical points where input sanitization should occur. The Bishop Fox PoC demonstrates XSS execution via the monitoring[title] parameter, indicating these functions failed to validate()/escape user-controlled input before storage. The stored payloads then render unsafely in dashboard widgets and contact views, enabling privilege escalation attacks.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

M*uti* ***or* *.*.* is *****t** *y stor** XSS. *n *tt**k*r wit* ****ss to So*i*l Monitorin*, *n *ppli**tion ***tur*, *oul* *tt**k ot**r us*rs, in*lu*in* **ministr*tors. *or *x*mpl*, *n *tt**k*r *oul* lo** *n *xt*rn*lly *r**t** J*v*S*ript *il* t**t wo

Reasoning

T** vuln*r**ility st*ms *rom improp*r input **n*lin* in So*i*l Monitorin*'s titl*/n*m* *i*l*s. T** *ontroll*r **tion t**t pro**ss*s *orm su*missions (`s*v***tion`) *n* t** *ntity s*tt*r m*t*o* (`s*tTitl*`) t**t p*rsists t** **t* *r* *riti**l points w

9.1

Basic Information

Concerned about an active attack path?

CVE-2020-35129: Mautic stored Cross-site Scripting (XSS)

9.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI