Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-47058

With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.

Published

2024-09-18T21:15:13.923

Last Modified

2024-09-27T15:31:30.917

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 2.9 (LOW)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	acquia	mautic	< 4.4.13	Yes
Application	acquia	mautic	< 5.1.1	Yes

References

https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf Vendor Advisory ([email protected])