CVE-2024-47058

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-47058

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47058.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-47058

Aliases

GHSA-xv68-rrmw-9xwf

Published

2024-09-18T21:00:28.950Z

Modified

2026-05-12T04:14:42.357759Z

Severity

2.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L CVSS Calculator

Summary

Cross-site Scripting (XSS) - stored (edit form HTML field)

Details

With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47058.json",
    "cna_assigner": "Mautic"
}

References

Affected packages

Git / github.com/mautic/mautic

Affected ranges

Type: GIT
Repo: https://github.com/mautic/mautic
Events: Introduced

96b53794017cde917e1e4262ebaaae5099e3586a

Fixed

8fa5a716b3082edb6bf3f2c10ab8025729d95a9c

Affected versions

5.*

5.0.0

5.1.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47058.json"