Mautic versions prior to 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
acquia mautic |
||
acquia mautic 4.0.0 |