PT-2019-8777 · Mautic · Mautic

Joanbono

Published

2019-09-06

Updated

2021-01-25

CVE-2018-11198

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Mautic version 2.13.1

Description An issue was discovered in Mautic where there is Stored XSS via the authorUrl field in config.json. This affects the Author URL of themes.

Recommendations For Mautic version 2.13.1, update to version 2.14 or later. As a temporary workaround, consider restricting access to the authorUrl field in config.json to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-11198

GHSA-XCF7-CJ8Q-PCJM

Affected Products

Mautic

PT-2019-8777 · Mautic · Mautic

CVE-2018-11198

Weakness Enumeration

Related Identifiers

Affected Products

References · 7