CVE-2024-47050: Mautic vulnerable to XSS in contact/company tracking (no authentication)
Prior to this patch being applied, Mautic’s tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
References
- github.com/advisories/GHSA-73gr-32wg-qhh7
- github.com/mautic/mautic
- github.com/mautic/mautic/commit/0f21a3aa9c896788e1986fae0d7f166fc7a14c30
- github.com/mautic/mautic/commit/43db5e492c0ef82c917745849d5b454dbc8ca2c4
- github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7
- nvd.nist.gov/vuln/detail/CVE-2024-47050