-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability manifests in three key areas: 1) Input handling during company creation/modification (saveAction) where XSS payloads are accepted without sanitization. 2) Entity persistence layer (setName) that stores raw user input. 3) Output rendering in templates that display the company name without proper escaping. The high confidence comes from the vulnerability's nature (stored XSS) requiring both improper input handling and unsafe output rendering, which aligns with Mautic's typical MVC structure. The medium confidence for setName reflects that input sanitization might not be the entity's responsibility.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mautic/core | composer | <= 2.11.0 | 2.14.2 |
A Semantic Attack on Google Gemini - Read the Latest Research