Vulnerability DatabaseCVE-2024-47058
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2024-47058
September 18, 2024
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.
Related ResourcesĀ (5)
https://github.com/mautic/mautic/commit/88153a15b3cea331b7036d956b880c69e81a0032
https://github.com/mautic/mautic/commit/344b908ef690283e7d8d3fc5cc1327396a1c3046
https://nvd.nist.gov/vuln/detail/CVE-2024-47058
https://github.com/mautic/mautic
https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf
Do you need more information?
Contact Us
CVSS v4
Base Score:
1
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
2.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
EPSS
Base Score:
0.19