Dardan Prebreza

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 3.2.4 Description: The issue allows an attacker with permission to manage companies to perform stored XSS attacks on other users, including administrators. By loading an externally crafted JavaScript file, the attacker could eventually perform actions as the target user, such as changing user passwords, altering user or email addresses, or adding a new administrator to the system. Recommendations: For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the permission to manage companies to trusted users only, and avoid loading externally crafted JavaScript files.

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 3.2.4 Description: The issue affects Mautic, allowing an attacker with access to the Social Monitoring feature to perform stored XSS attacks on other users, including administrators. This could enable the attacker to load an externally drafted JavaScript file, potentially allowing them to change the target user's password or email address, or even elevate their own user role from a low-privileged user to an administrator account. Recommendations: For versions prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Social Monitoring feature to minimize the risk of exploitation.