Mautic Tracking Vulnerable to Cross-Site Scripting
CVE-2024-47050

6.1MEDIUM

Key Information:

Vendor
Mautic
Status
Mautic
Vendor
CVE Published:
18 September 2024

Summary

Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.

Affected Version(s)

Mautic >= 2.6.0 < 2.6.0

Mautic > 5.0.0 < 5.0.0

References

https://github.com/mautic/mautic/security/advisories/GHSA...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

Credit

Mqrtin
Patryk Gruszka
Lenon Leite
John Linhart
.