OSV:GHSA-2RC5-2755-V422
Apr 11, 2024 - 9:36 p.m.

Mautic vulnerable to stored cross-site scripting in description field

2024-04-11 21:36:29
Google
osv.dev

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0 Low (Percentile: 0.0%)

Impact

Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application, which could be exploited by a logged-in Mautic user with the appropriate permissions.

This could lead to the user having elevated access to the system.

Patches

Update to 4.4.12

Workarounds

None

References

If you have any questions or comments about this advisory:

Email us at [email protected]
