Описание
XSS vulnerability on asset view
Impact
Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.
Patches
Upgrade to 3.3.4 or 4.0.0
Workarounds
No
References
https://github.com/mautic/mautic/releases/tag/3.3.4 https://github.com/mautic/mautic/releases/tag/4.0.0
For more information
If you have any questions or comments about this advisory:
- Email us at security@mautic.org
Пакеты
mautic/core
< 3.3.4
3.3.4
mautic/core
>= 4.0.0-alpha1, < 4.0.0
4.0.0
Связанные уязвимости
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.