CVE-2020-35128

EPSS 0.65% · P71 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-35128

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Mautic 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Mautic是一款开源的营销自动化软件。该软件能够监控管理网站、发送电子邮件并管理客户资源。 Mautic before 3.2.4 存在安全漏洞，攻击者可利用该漏洞攻击目标用户执行操作。这些操作包括更改用户密码、更改用户或电子邮件地址，或向系统添加新管理员。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2020-35128

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-35128

请登录查看更多情报信息。

https://labs.bishopfox.com/advisories/mautic-version-3.2.2x_refsource_MISC
https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786x_refsource_CONFIRM
https://forum.mautic.org/c/announcements/16x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2020-35128

Same Patch Batch · n/a · 2021-01-19 · 38 CVEs total

CVE-2020-28477	7.5 HIGH	Prototype Pollution
CVE-2020-28478	7.5 HIGH	Prototype Pollution
CVE-2020-28472	7.3 HIGH	Prototype Pollution
CVE-2020-28480	7.3 HIGH	Prototype Pollution
CVE-2020-28482	5.9 MEDIUM	Cross-site Request Forgery (CSRF)
CVE-2020-28479	5.9 MEDIUM	Denial of Service (DoS)
CVE-2020-28481	5.3 MEDIUM	Insecure Defaults
CVE-2020-27256		多款Sooil产品信任管理问题漏洞
CVE-2021-3184		MISP 跨站脚本漏洞
CVE-2020-27270		多款Sooil产品授权问题漏洞
CVE-2020-27272		多款Sooil产品访问控制错误漏洞
CVE-2020-27276		多款Sooil产品授权问题漏洞
CVE-2021-20190		FasterXML jackson-databind 代码问题漏洞
CVE-2020-8581		Clustered Data ONTAP 安全漏洞
CVE-2021-25325		MISP 跨站脚本漏洞
CVE-2020-27258		多款Sooil产品信息泄露漏洞
CVE-2020-27264		多款Sooil产品安全特征问题漏洞
CVE-2020-11997		Apache Guacamole 安全漏洞
CVE-2020-27266		多款Sooil产品授权问题漏洞
CVE-2020-27268		多款Sooil产品授权问题漏洞

Showing top 20 of 38 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2020-35128

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-35128

I. Basic Information for CVE-2020-35128

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2020-35128

III. Intelligence Information for CVE-2020-35128

Same Patch Batch · n/a · 2021-01-19 · 38 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-35128

Leave a comment