{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T04:39:37.193","vulnerabilities":[{"cve":{"id":"CVE-2021-27915","sourceIdentifier":"security@mautic.org","published":"2024-09-17T14:15:14.100","lastModified":"2024-09-29T00:22:31.787","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\n\nThis could lead to the user having elevated access to the system."},{"lang":"es","value":"Antes de la versión parcheada, existe una vulnerabilidad XSS en los campos de descripción dentro de la aplicación Mautic que podría ser explotada por un usuario registrado de Mautic con los permisos adecuados. Esto podría provocar que el usuario tenga acceso elevado al sistema."}],"metrics":{"cvssMetricV31":[{"source":"security@mautic.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.1,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}]},"weaknesses":[{"source":"security@mautic.org","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"4.4.12","matchCriteriaId":"71754804-5279-4236-8CE2-434BC23B4A30"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:-:*:*:*:*:*:*","matchCriteriaId":"99718D48-5C19-41C5-84E1-52E95F012830"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"0B21EB9D-BFCD-4D58-BCA6-3AAE6B3B9041"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"9C1C106B-1B3D-427D-8147-5527E610F569"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:beta4:*:*:*:*:*:*","matchCriteriaId":"4E35B0F0-9BF1-45FA-8954-B8BFB7389C4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"213A9276-B9D1-4B4D-BBE9-FC42B6D63DE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*","matchCriteriaId":"F366E4D8-1515-4E5F-8551-4C8D9E00D0D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:rc3:*:*:*:*:*:*","matchCriteriaId":"B4234B41-F219-45B7-83A1-8F0F652F2A8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:acquia:mautic:1.0.0:rc4:*:*:*:*:*:*","matchCriteriaId":"DA028F70-6020-47D6-BEC0-6FC0C7E18420"}]}]}],"references":[{"url":"https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422","source":"security@mautic.org","tags":["Vendor Advisory"]}]}}]}