Lucene search
GitHub Advisory DatabaseGHSA-2RC5-2755-V422HistoryApr 11, 2024 - 9:36 p.m.
Mautic vulnerable to stored cross-site scripting in description field
2024-04-1121:36:29
CWE-79
GitHub Advisory Database
github.com
7
mautic
cross-site scripting
vulnerability
patch
update
Impact
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.
This could lead to the user having elevated access to the system.
Patches
Update to 4.4.12
Workarounds
None
References
- https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)
- https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting
If you have any questions or comments about this advisory:
Email us at [email protected]
Affected configurations
Node
mauticmauticRange1.0.0-beta2≥
ORmauticmauticRange<4.4.12
| CPE | Name | Operator | Version |
|---|---|---|---|
| mautic/core | ge | 1.0.0-beta2 | |
| mautic/core | lt | 4.4.12 |
Related
veracode
veracode
Cross-Site Scripting (XSS)
2024-04-15 09:08:30
osv
osv
Mautic vulnerable to stored cross-site scripting in description field
2024-04-11 21:36:29