Sep 18, 2024 - 9:15 p.m.

CVE-2024-47058

2024-09-18 21:15:13
CWE-79
Mautic
web.nvd.nist.gov
cve-2024-47058, mautic, cross-site scripting, stored, html, vulnerability, sensitive information

CVSS3: 4.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score: 3.4
Confidence: High

EPSS: 0
Percentile: 9.6%

With access to edit a Mautic form, an attacker can add a stored Cross-Site Scripting payload in the HTML field. This could be used to steal sensitive information from the user’s current session.

Affected configurations

Nvd
Node
acquia mautic Range 1.0.0 - 4.4.13
OR
acquia mautic Range 5.0.0 - 5.1.1

Vendor | Product | Version | CPE
acquia | mautic | * | cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "collectionURL": "https://packagist.org",
    "defaultStatus": "unaffected",
    "packageName": "mautic/core",
    "product": "Mautic",
    "repo": "https://github.com/mautic/mautic",
    "vendor": "Mautic",
    "versions": [
      {
        "lessThan": "< 4.4.13",
        "status": "affected",
        "version": ">= 1.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "< 5.1.1",
        "status": "affected",
        "version": ">= 5.0.0",
        "versionType": "semver"
      }
    ]
  }
]
