Headline

GHSA-fhcx-f7jg-jx3f: Mautic vulnerable to cross-site scripting in notifications via saving Dashboards

Impact

Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.

Users could inject malicious code into the notification when saving Dashboards.

Patches

Update to Mautic 4.4.12.

Workarounds

None

References

https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)

If you have any questions or comments about this advisory:

Email us at [email protected]

5 months ago

ghsa

Open in Source

#xss #vulnerability #git

Package

composer mautic/core (Composer)

Affected versions

< 4.4.12

Patched versions

4.4.12

Description

Impact

Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.

Users could inject malicious code into the notification when saving Dashboards.

Patches

Update to Mautic 4.4.12.

Workarounds

None

References

https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)

If you have any questions or comments about this advisory:

Email us at [email protected]

References

GHSA-fhcx-f7jg-jx3f
mautic/mautic@e6d58de

RCheesley published to mautic/mautic

Apr 11, 2024

Published to the GitHub Advisory Database

Apr 12, 2024

Reviewed

Apr 12, 2024

ghsa: Latest News

GHSA-c7xm-rwqj-pgcj: LimeSurvey Cross Site Scripting vulnerability

18 hours ago

ghsa

GHSA-74q2-6jp4-3rqq: Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name

18 hours ago

ghsa

GHSA-632q-77qj-c89q: LimeSurvey Cross Site Scripting vulnerability

18 hours ago

ghsa

GHSA-6hwr-6v2f-3m88: XXE in PHPSpreadsheet's XLSX reader

20 hours ago

ghsa

GHSA-r8w8-74ww-j4wh: PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks

20 hours ago

ghsa