CVE-2026-9811
Stored XSS in Mautic Project Selector Component
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: Mautic
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mautic | mautic | From 7.0.0 (inc) |
| mautic | mautic | 7.1.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-9811 is a stored Cross-Site Scripting (XSS) vulnerability in the project selector component of Mautic version 7.0.0 and later.
The issue occurs because the application does not properly sanitize project names retrieved via AJAX before inserting them into the DOM as option fields in selection menus.
An authenticated user with permissions to create projects can exploit this by storing a malicious script payload in a project's name.
When another administrative user opens an entity editor containing the project selector, the malicious script executes within their browser session.
How can this vulnerability impact me?
This vulnerability can allow an attacker to hijack the session of an administrative user.
It can also enable the attacker to perform unauthorized actions or change application state on the victim's behalf.
Additionally, the attacker may gain access to organizational data visible within the Mautic dashboard.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if malicious script payloads have been stored in project names within the Mautic application. Since the vulnerability arises from unsanitized project names rendered via AJAX in the project selector component, one approach is to inspect project names for suspicious script tags or payloads.
There are no specific commands provided in the resources to detect this vulnerability directly on the network or system.
However, as a general approach, you can query the Mautic database for project names containing suspicious HTML or JavaScript code. For example, if you have database access, you might run a SQL query like:
```sql
SELECT id, name FROM projects WHERE name LIKE '%<script>%';
```
This query attempts to find project names containing script tags, which could indicate stored XSS payloads. Note that it only matches a literal `<script>` tag; a payload that uses another tag or an event-handler attribute would not be caught, so a broader check for any HTML markup in project names is preferable.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to restrict project creation and modification permissions to only trusted users. Since the vulnerability requires an authenticated user with project creation permissions to inject malicious scripts, limiting these permissions reduces the risk of exploitation.
Additionally, upgrading Mautic to version 7.1.2 or later is recommended, as this version contains the patch that properly sanitizes project names and prevents the stored XSS vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This stored Cross-Site Scripting (XSS) vulnerability in Mautic could lead to unauthorized access to organizational data and session hijacking. Such unauthorized access and potential data breaches may impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring secure handling of data.
Specifically, if an attacker exploits this vulnerability to access or manipulate sensitive data within the dashboard, it could result in violations of confidentiality and integrity requirements mandated by these standards.
Mitigation involves restricting project creation and modification permissions to trusted users and applying patches, which helps maintain compliance by reducing the risk of exploitation.