Headline

GHSA-fhcx-f7jg-jx3f: Mautic vulnerable to cross-site scripting in notifications via saving Dashboards

Impact

Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.

Users could inject malicious code into the notification when saving Dashboards.

Patches

Update to Mautic 4.4.12.

Workarounds

None

References

https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)

If you have any questions or comments about this advisory:

Email us at [email protected]

7 months ago

ghsa

Open in Source

#xss #vulnerability #git

Package

composer mautic/core (Composer)

Affected versions

< 4.4.12

Patched versions

4.4.12

Description

Impact

Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.

Users could inject malicious code into the notification when saving Dashboards.

Patches

Update to Mautic 4.4.12.

Workarounds

None

References

https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)

If you have any questions or comments about this advisory:

Email us at [email protected]

References

GHSA-fhcx-f7jg-jx3f
mautic/mautic@e6d58de

RCheesley published to mautic/mautic

Apr 11, 2024

Published to the GitHub Advisory Database

Apr 12, 2024

Reviewed

Apr 12, 2024

ghsa: Latest News

GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

16 hours ago

ghsa

GHSA-93ww-43rr-79v3: Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination

18 hours ago

ghsa

GHSA-jgwc-jh89-rpgq: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

18 hours ago

ghsa

GHSA-xg58-75qf-9r67: Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges

18 hours ago

ghsa

GHSA-qqwr-j9mm-fhw6: deno_doc's HTML generator vulnerable to Cross-site Scripting

18 hours ago

ghsa