Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-2rc5-2755-v422

GitHub Security Advisory

Mautic vulnerable to stored cross-site scripting in description field

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

### Impact
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.

This could lead to the user having elevated access to the system.

### Patches
Update to 4.4.12

### Workarounds
None

### References
- https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)
- https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/02-Testing_for_Stored_Cross_Site_Scripting

If you have any questions or comments about this advisory:

Email us at [[email protected]](mailto:[email protected])

Affected Packages

Packagist mautic/core
Affected versions: 1.0.0-beta2 (fixed in 4.4.12)

Related CVEs

CVE-2021-27915

Key Information

GHSA ID
GHSA-2rc5-2755-v422
Published
April 11, 2024 9:36 PM
Last Modified
September 30, 2024 1:44 PM
CVSS Score
7.5 /10
Primary Ecosystem
Packagist
Primary Package
mautic/core
GitHub Reviewed
✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.