PT-2024-32377 · Mautic · Mautic
Avikarsha Saha +4 · Published 2024-09-18 · Updated 2024-09-27 · CVE-2024-47058
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
Mautic versions prior to 4.4.13
Mautic versions prior to 5.1.1
Description
With access to edit a Mautic form, an attacker can add stored Cross-Site Scripting (XSS) in the html field. This could be used to steal sensitive information from the user's current session.
Recommendations
For versions prior to 4.4.13, upgrade to 4.4.13 or later.
For versions prior to 5.1.1, upgrade to 5.1.1 or later.
Fix
XSS
Affected Products
Mautic