CVE-2024-47058
Published 2024-09-18
Priority: P419 · Severity: medium · CVSS 3.1 base score: 4.8
CVSS 3.1 vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.20% (10.3rd percentile)
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the HTML field. This could be used to steal sensitive information from the user's current session.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acquia | mautic | >= 1.0.0 < 4.4.13 | 4.4.13 |
| acquia | mautic | >= 5.0.0 < 5.1.1 | 5.1.1 |
| mautic | core | >= 1.0.0-beta < 4.4.13 | 4.4.13 |
| mautic | core | >= 5.0.0-alpha < 5.1.1 | 5.1.1 |
| mautic | core-lib | >= 1.0.0-beta < 4.4.13 | 4.4.13 |
| mautic | core-lib | >= 5.0.0-alpha < 5.1.1 | 5.1.1 |
| mautic | mautic | >= 1.0.0 < 4.4.13 | 4.4.13 |
| mautic | mautic | >= 5.0.0 < 5.1.1 | 5.1.1 |
GHSA
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
ghsa·2024-09-18
CVE-2024-47058 [MEDIUM] CWE-79 Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
### Impact
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the HTML field. This could be used to steal sensitive information from the user's current session.
### Patches
Upgrade to 4.4.13 or 5.1.1 or later.
### Workarounds
None
### References
- https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)
- https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting
If you have any questions or comments about this advisory:
Email us at [[email protected]](mailto:[email protected])
OSV
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
osv·2024-09-18
CVE-2024-47058 [MEDIUM] Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.