Impact
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
Patches
Upgrade to 2.12.0 or later.
Workarounds
None
References
https://github.com/mautic/mautic/releases/tag/2.12.0
For more information
If you have any questions or comments about this advisory:
alanhartless Analyst
Impact
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
Patches
Upgrade to 2.12.0 or later.
Workarounds
None
References
https://github.com/mautic/mautic/releases/tag/2.12.0
For more information
If you have any questions or comments about this advisory: