Mautic Unauth XSS to RCE Write-up: horizon3.ai/disclosures/ma… CVE-2020-35124 CVE-2020-35125 #bugbounty #pentest

If your one of the 200K orgs using #Mautic Horizon3.ai found some issues that were patched in v3.2.4

Horizon3.ai hosts Tech Talk #4, “Vulnerable ≠ Exploitable,” Wed, April 28, 2PM ET, to explore the idea of viewing vulnerabilities in the context of exploitability and impact, so you can spend your time, effort and resources #fixingwhatmatters bit.ly/2RdlsWH

Another appliance vuln down... CVE-2022-40684, affecting multiple #Fortinet solutions, is an auth bypass that allows remote attackers to interact with all management API endpoints. Blog post and POC coming later this week. Patch now.