You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Moderate severity
GitHub Reviewed
Published
Apr 11, 2024
in
mautic/mautic
Impact
Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.
Users could inject malicious code into the notification when saving Dashboards.
Patches
Update to Mautic 4.4.12.
Workarounds
None
References
If you have any questions or comments about this advisory:
Email us at security@mautic.org
References