Mautic versions 2.1.0 through 2.11.0 are vulnerable to an inline JavaScript XSS attack when a Mautic form on a Mautic landing page uses GET parameters to pre-populate the form.
Upgrade to 2.12.0 or later.
Workarounds: None
https://github.com/mautic/mautic/releases/tag/2.12.0
If you have any questions or comments about this advisory:
| CPE | Name | Operator | Version |
|---|---|---|---|
| | mautic/core | eq | 2.5.1 |
| | mautic/core | eq | 2.11.0 |
| | mautic/core | eq | 2.3.0 |
| | mautic/core | eq | 2.8.0 |
| | mautic/core | eq | 2.9.2 |
| | mautic/core | eq | 2.12.0-beta |
| | mautic/core | eq | 2.4.0 |
| | mautic/core | eq | 2.10.1 |
| | mautic/core | eq | 2.7.1 |
| | mautic/core | eq | 2.5.0 |