Описание
Inline JS XSS vulnerability in Mautic
Impact
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
Patches
Upgrade to 2.12.0 or later.
Workarounds
None
References
https://github.com/mautic/mautic/releases/tag/2.12.0
For more information
If you have any questions or comments about this advisory:
- Email us at security@mautic.org
Пакеты
Наименование
mautic/core
composer
Затронутые версииВерсия исправления
>= 2.1.0, < 2.12.0
2.12.0
Связанные уязвимости
CVSS3: 6.1
nvd
около 8 лет назад
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.