Mautic Stored Cross-Site Scripting Vulnerability in Project Selector Component

Vulnerability

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the project selector component of Mautic version 7. The application does not sanitize project names returned via AJAX before inserting them into the DOM as option elements. An authenticated user with project creation permissions can therefore place a script payload in a project's name; when another administrative user opens an entity editor that contains the project selector, the injected script runs in that user's browser session, potentially hijacking the session, performing unauthorized actions, or accessing organizational data on the dashboard.
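
The rendering bug described above, as an added example (not Mautic's own code): project names from an AJAX response are concatenated into `<option>` markup, once without escaping and once with an HTML escaper applied to both the attribute value and the text node. The project records, the `escapeHtml` helper and the `containsForeignTag` check are constructed for this illustration and are not part of the advisory.

```javascript
// Added example, not Mautic code. Shows the class of bug in the advisory
// (unescaped names injected as <option> markup) next to a hardened builder.

const ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape the five characters that can break out of text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern: the raw name is concatenated into markup that later
// lands in innerHTML, so any tag inside the name becomes live DOM.
function buildOptionsUnsafe(projects) {
  return projects
    .map((p) => `<option value="${p.id}">${p.name}</option>`)
    .join("");
}

// Hardened pattern: both the attribute value and the visible text are escaped
// before concatenation, so a name can only ever render as text.
function buildOptionsSafe(projects) {
  return projects
    .map((p) => `<option value="${escapeHtml(p.id)}">${escapeHtml(p.name)}</option>`)
    .join("");
}

// Constructed sample of an AJAX project-list response. The second name carries
// markup of the kind a stored XSS relies on; it is a test input, not real data.
const SAMPLE_PROJECTS = [
  { id: 1, name: "Spring campaign" },
  { id: 2, name: 'Q3 <script>alert("xss")</script>' },
];

// Detection helper for a review or unit test: does the rendered markup contain
// any tag other than <option>? If so, a name has escaped its text context.
function containsForeignTag(html) {
  return /<(?!\/?option\b)[a-zA-Z]/.test(html);
}

console.log("unsafe leaks a tag:", containsForeignTag(buildOptionsUnsafe(SAMPLE_PROJECTS)));
console.log("safe leaks a tag:  ", containsForeignTag(buildOptionsSafe(SAMPLE_PROJECTS)));
console.log(buildOptionsSafe(SAMPLE_PROJECTS));
```

In a real browser the cleanest fix avoids string concatenation entirely: create each entry with `document.createElement("option")`, assign the name to `textContent` and the id to `value`, and append the node. The string-escaping version above is shown because it runs outside a browser and makes the before/after difference visible in a unit test.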

Impact

Exploitation of this vulnerability allows for stored Cross-Site Scripting, where injected scripts are executed in the context of the user's browser session, potentially leading to session hijacking, unauthorized actions, or access to sensitive organizational data.

Remediation

Upgrade to Mautic version 7.1.2 to address this vulnerability. On earlier Mautic 7 releases, it is recommended to restrict project creation and modification permissions to trusted administrative users.

Added: May 29, 2026, 12:18 PM
Updated: May 29, 2026, 12:18 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.4
exploitability: 5.2
remediation: 7.9
relevance: 9.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.