Lucene search

MauticCVELIST:CVE-2024-47058

HistorySep 18, 2024 - 9:00 p.m.

CVE-2024-47058 Cross-site Scripting (XSS) - stored (edit form HTML field)

2024-09-1821:00:28

CWE-79

Mautic

www.cve.org

cve-2024-47058

cross-site scripting

mautic form

html field

sensitive information

CVSS3

2.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

EPSS

Percentile

9.6%

JSON

With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user’s current session.

CNA Affected

[
  {
    "collectionURL": "https://packagist.org",
    "defaultStatus": "unaffected",
    "packageName": "mautic/core",
    "product": "Mautic",
    "repo": "https://github.com/mautic/mautic",
    "vendor": "Mautic",
    "versions": [
      {
        "lessThan": "< 4.4.13",
        "status": "affected",
        "version": ">= 1.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "< 5.1.1",
        "status": "affected",
        "version": ">= 5.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf

CVSS3

2.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

EPSS

Percentile

9.6%

JSON

Related for CVELIST:CVE-2024-47058