mautic/core is vulnerable to cross-site scripting (XSS). The vulnerability exists as an administrator who can create or edit a company through a build form.
CPE | Name | Operator | Version |
---|---|---|---|
mautic/core | le | 2.16.4 | |
mautic/core | le | 3.2.3 |
forum.mautic.org/c/announcements/16
forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786
github.com/advisories/GHSA-p7v4-gm6j-cw9m
github.com/mautic/mautic/commit/ba31db23e664f889da55a29ff27f797e2ab5cb1b
github.com/mautic/mautic/pull/9588
labs.bishopfox.com/advisories/mautic-version-3.2.2