Base Score

MEDIUM4.8

CVE-2024-47058

With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.

VectorNETWORK

Published Bysecurity@mautic.org

Published DateSep 18, 2024, 21:15

Affected Versions(4)

mautic/core(Packagist)

Introduced5.0.0-alpha

Fixed5.1.1

LimitN/A

mautic/core(Packagist)

Introduced1.0.0-beta

Fixed4.4.13

LimitN/A

mautic/core-lib(Packagist)

Introduced5.0.0-alpha

Fixed5.1.1

LimitN/A

mautic/core-lib(Packagist)

Introduced1.0.0-beta

Fixed4.4.13

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
mautic/core(Packagist)	5.0.0-alpha	5.1.1	N/A
mautic/core(Packagist)	1.0.0-beta	4.4.13	N/A
mautic/core-lib(Packagist)	5.0.0-alpha	5.1.1	N/A
mautic/core-lib(Packagist)	1.0.0-beta	4.4.13	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

4.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf

Base Score

MEDIUM4.8

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

4.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE