Mautic has an XSS in contact tracking and page hits report
Description
Published to the GitHub Advisory Database
Sep 18, 2024
Reviewed
Sep 18, 2024
Published by the National Vulnerability Database
Sep 18, 2024
Last updated
Sep 27, 2024
Summary
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
Patches
Please update to 4.4.13 or 5.1.1 or later.
Workarounds
None
References
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting
If you have any questions or comments about this advisory:
Email us at [email protected]
References