With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.
References
Link | Resource |
---|---|
https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
27 Sep 2024, 15:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
First Time |
Acquia mautic
Acquia |
|
CPE | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:* |
20 Sep 2024, 12:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
18 Sep 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-18 21:15
Updated : 2024-09-27 15:31
NVD link : CVE-2024-47058
Mitre link : CVE-2024-47058
CVE.ORG link : CVE-2024-47058
JSON object : View
Products Affected
acquia
- mautic
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')