Joanbono

**Name of the Vulnerable Software and Affected Versions** Mautic versions 2.11.0 and earlier Mautic version 2.13.1 **Description** An issue was discovered that allows for Stored XSS via the company name field. This Cross Site Scripting (XSS) vulnerability can result in denial of service and execution of javascript code. **Recommendations** For Mautic versions 2.11.0 and earlier, update to 2.14.0 or later. For Mautic version 2.13.1, update to 2.14.0 or later.

**Name of the Vulnerable Software and Affected Versions** Mautic version 2.13.1 **Description** An issue was discovered in Mautic where there is Stored XSS via the `authorUrl` field in `config.json`. This affects the Author URL of themes. **Recommendations** For Mautic version 2.13.1, update to version 2.14 or later. As a temporary workaround, consider restricting access to the `authorUrl` field in `config.json` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Helpy version 2.1.0 **Description** The issue is related to Stored XSS, which occurs via the `Ticket title`. This allows for the potential execution of malicious scripts. **Recommendations** For version 2.1.0, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting the use of the `Ticket title` field to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 2.13.0 Description: The issue is related to stored XSS via a theme config file. Recommendations: For versions prior to 2.13.0, update to 2.13.0 or later.

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 2.13.0 Description: The issue allows for CSV injection with exported contact lists. This can be exploited when a user exports contact lists. Recommendations: For versions prior to 2.13.0, update to 2.13.0 or later.