CVE-2022-25772

Name of the Vulnerable Software and Affected Versions Mautic versions prior to 4.3.0

Description A cross-site scripting (XSS) vulnerability in the web tracking component allows remote attackers to inject executable javascript. The issue arises because the output of tracking metadata is not sufficiently filtered, leading to a vulnerable situation.

Recommendations For versions prior to 4.3.0, please upgrade to 4.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the web tracking component until the upgrade is applied.