PT-2019-8778 · Mautic · Mautic

Joanbono · Published 2019-09-20 · Updated 2021-01-19 · CVE-2018-11200

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Mautic versions 2.11.0 and earlier
Mautic version 2.13.1

Description

An issue was discovered that allows for Stored XSS via the company name field. This Cross-Site Scripting (XSS) vulnerability can result in denial of service and execution of JavaScript code.

Recommendations

For Mautic versions 2.11.0 and earlier, update to 2.14.0 or later.
For Mautic version 2.13.1, update to 2.14.0 or later.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-11200
GHSA-9HX7-RG7W-XM79

Affected Products

Mautic