CVE-2026-9811 – Mautic Stored Cross-Site Scripting (XSS) Vulnerability

CVE ID :CVE-2026-9811

Published : May 29, 2026, 12:16 p.m. | 15 minutes ago

Description :A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields. An authenticated user with permissions to create projects can exploit this to store a malicious script payload in the project’s name. When another administrative user subsequently opens an entity editor containing the project selector, the injected script executes within the context of their active browser session. This could allow an attacker to hijack the session, perform unauthorized state coordination, or access organizational data within the dashboard.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-49325 – Indian Scout Bobber 2025 WCM voltage-based shutdown

CVE-2026-49318 – Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

CVE-2026-49317 – Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot

CVE-2026-49316 – Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown