Mautic vulnerable to XSS in contact/company tracking (no authentication)
Description
Published by the National Vulnerability Database
Sep 18, 2024
Published to the GitHub Advisory Database
Sep 18, 2024
Reviewed
Sep 18, 2024
Last updated
Sep 27, 2024
Summary
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
Patches
Please update to 4.4.13 or 5.1.1 or later.
Workarounds
None
References
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting
If you have any questions or comments about this advisory:
Email us at [email protected]
References