Researcher: Rohitp19
Rank: #31134 of 53,632
Total CVSS: 8.3
Vulnerabilities: 1
PT-2021-17665 · CVSS 8.3 · 2021-08-30
Mautic · Mautic · CVE-2021-27911

Vulnerable software and affected versions: Mautic versions prior to 3.3.4 / 4.0.0.

Description: A stored cross-site scripting (XSS) issue in which inline JavaScript is injected through a contact's first or last name. The payload fires when a Mautic user views the contact's details page, opens the action drop-down and hovers over the Campaigns button. Because the first and last name can be populated from many sources (the UI, the API, third-party syncing, forms, etc.), the payload can arrive through channels that do not require a Mautic login, such as public forms, and the script then runs in the browser of whichever Mautic user views that contact.

Recommendations: Upgrade to version 3.3.4 or 4.0.0, which contain the fix. As a temporary workaround, restrict what is accepted in contact first and last names on every input path (for example, reject angle brackets, double quotes and event-handler fragments such as onmouseover=), and treat name values arriving from the UI, the API, third-party syncs and forms as untrusted until the upgrade is in place.
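The attribute-breakout pattern described above, beside its encoded form, plus a triage filter for the interim workaround, as an added Python example that is not part of this advisory or of Mautic's own code. The template fragment (the name placed in a tooltip attribute of the Campaigns button), the contact field names and the sample contacts are assumptions constructed for illustration:

```python
import html
import re

# Constructed sample data: contact records shaped like the fields the advisory
# names (first name, last name). Not taken from any real Mautic instance.
SAMPLE_CONTACTS = [
    {"id": 1, "firstname": "Ann", "lastname": "O'Brien"},
    {"id": 2, "firstname": "Bob", "lastname": '" onmouseover="alert(document.domain)'},
    {"id": 3, "firstname": "<img src=x onerror=alert(1)>", "lastname": "Smith"},
]


# Assumption: the name ends up inside an HTML attribute of the Campaigns button
# (a tooltip title here). The real Mautic template is not reproduced.
def render_campaign_button_unsafe(firstname, lastname):
    """Interpolates the raw name: a double quote in the name closes the attribute,
    and the rest of the value becomes new attributes such as onmouseover."""
    return f'<a class="btn" title="{firstname} {lastname}">Campaigns</a>'


def render_campaign_button_safe(firstname, lastname):
    """Attribute-context encoding: html.escape(..., quote=True) turns & < > " '
    into entities, so the name can never terminate the attribute it sits in."""
    safe = html.escape(f"{firstname} {lastname}", quote=True)
    return f'<a class="btn" title="{safe}">Campaigns</a>'


# Triage filter for the interim workaround (restricting name input): flags angle
# brackets, double quotes, inline event-handler fragments and javascript: URLs.
# Apostrophes are deliberately allowed so real names like O'Brien are not
# rejected; the output encoding above is what actually neutralises them.
_SUSPICIOUS = re.compile(r'[<>"]|\bon\w+\s*=|javascript:', re.IGNORECASE)


def name_looks_malicious(name):
    """True if a first or last name contains markup or script-like fragments."""
    return bool(_SUSPICIOUS.search(name or ""))


def find_suspicious_contacts(contacts):
    """Ids of contacts whose first or last name trips the filter: the check to run
    over existing records, since payloads may already be stored before the upgrade."""
    return [
        c["id"]
        for c in contacts
        if name_looks_malicious(c["firstname"]) or name_looks_malicious(c["lastname"])
    ]


if __name__ == "__main__":
    for c in SAMPLE_CONTACTS:
        print(render_campaign_button_unsafe(c["firstname"], c["lastname"]))
        print(render_campaign_button_safe(c["firstname"], c["lastname"]))
    print("suspicious contact ids:", find_suspicious_contacts(SAMPLE_CONTACTS))
```

Note that the filter is only a stopgap for triage and input restriction; it is context-blind and would not stop a payload tailored to a different rendering context. The durable fix is the encoding in `render_campaign_button_safe`, which is what an upgrade to 3.3.4 / 4.0.0 supplies on the Mautic side.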