Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Description
Published to the GitHub Advisory Database
Apr 12, 2024
Reviewed
Apr 12, 2024
Published by the National Vulnerability Database
Sep 18, 2024
Last updated
Sep 18, 2024
Impact
Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.
Users could inject malicious code into the notification when saving Dashboards.
Patches
Update to Mautic 4.4.12.
Workarounds
None
References
If you have any questions or comments about this advisory:
Email us at [email protected]
References