Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.
This could lead to the user having elevated access to the system.
CVSS Score
7.6
EPSS Score
0.001
Published
2024-09-17
A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript
CVSS Score
9.6
EPSS Score
0.021
Published
2022-06-20
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript
CVSS Score
7.6
EPSS Score
0.004
Published
2022-06-01
Page 2