GHSA-2rc5-2755-v422: Mautic vulnerable to stored cross-site scripting in description field

Impact

Prior to the patched version, the description fields in the Mautic application are vulnerable to stored cross-site scripting (XSS), which could be exploited by a logged-in Mautic user with the appropriate permissions.

This could lead to that user gaining elevated access to the system.
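As an added illustration that is not Mautic's own code (Mautic is a PHP application; the function names and sample records below are hypothetical), this snippet contrasts the unencoded rendering pattern behind a stored XSS in a description field with proper output encoding, and adds an audit helper for flagging descriptions that were stored before the upgrade.

```php
<?php
declare(strict_types=1);

// Added example, not Mautic's code. Shows the unsafe rendering pattern behind
// a stored XSS in a description field, the hardened form, and an audit helper
// for reviewing descriptions already stored before the patched release.

// Vulnerable: the stored value is placed into HTML without encoding.
function renderDescriptionUnsafe(string $description): string
{
    return '<p class="description">' . $description . '</p>';
}

// Hardened: encode for the HTML text context at output time.
function renderDescriptionSafe(string $description): string
{
    $encoded = htmlspecialchars($description, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p class="description">' . $encoded . '</p>';
}

// Audit: flag stored descriptions containing tags, event-handler attributes or
// javascript: URLs, so pre-upgrade records can be reviewed and cleaned.
function looksLikeMarkup(string $description): bool
{
    $pattern = '/<\s*\/?\s*[a-z][^>]*>|\bon[a-z]+\s*=|javascript\s*:/i';
    return (bool) preg_match($pattern, $description);
}

// Constructed sample records (hypothetical, not real Mautic data).
$descriptions = [
    1 => 'Spring newsletter segment',
    2 => 'Promo list <script>alert(1)</script>',
    3 => 'VIP list <img src=x onerror=alert(1)>',
];

foreach ($descriptions as $id => $text) {
    printf("record %d flagged=%s\n", $id, looksLikeMarkup($text) ? 'yes' : 'no');
    // Encoded output never carries a raw tag from the stored value.
    assert(strpos(renderDescriptionSafe($text), '<script') === false);
    assert(strpos(renderDescriptionSafe($text), '<img') === false);
}

echo renderDescriptionUnsafe($descriptions[2]), "\n"; // script tag reaches the browser
echo renderDescriptionSafe($descriptions[2]), "\n";   // rendered as &lt;script&gt;...
```

Records 2 and 3 are flagged by the audit, record 1 is not; the encoded rendering neutralizes both payloads while the unencoded one passes them through.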

Patches

Update to 4.4.12

Workarounds

None

References

  • https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)
  • https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting

If you have any questions or comments about this advisory:

Email us at [email protected]

Severity: High. GitHub Reviewed. Published Apr 11, 2024 in mautic/mautic. Updated Apr 11, 2024.
