PT-2024-11536 · Mautic · Mautic
John Linhart
Published: 2024-04-12
Updated: 2024-09-23
CVE-2022-25774
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mautic versions prior to 4.4.12
Description
Mautic is affected by a self-XSS vulnerability in its notifications. Logged-in users are affected: malicious code can be injected into a notification when a Dashboard is saved.
Recommendations
Update to Mautic 4.4.12 to resolve the issue. As a temporary workaround until the update is applied, consider restricting the ability to save Dashboards or to inject custom code into notifications.
Fix
XSS
Affected Products
Mautic