
Description

Prior to the patched version (4.4.12), logged-in users of Mautic are vulnerable to a self-XSS in Mautic's notifications. A user could inject script into the notification that is generated when saving a Dashboard; because the same user stores and then views the notification, the issue is limited to self-XSS (the CVSS vector below reflects the high privileges and user interaction required).
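The pattern behind this class of bug, as an added example that is not Mautic's own code: a minimal notification builder that interpolates a user-controlled dashboard name straight into HTML, beside a hardened builder that HTML-encodes the name first. The function names, the markup and the payload are assumptions for illustration only, not the actual Mautic template or fix.

```javascript
// Added example (not Mautic's code): models a notification message that
// embeds a user-controlled dashboard name. The vulnerable builder
// interpolates the name raw; the hardened one encodes it for an HTML text
// context. Names and markup are assumptions, not Mautic's real templates.

const ESCAPE_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };

// Encode the five characters that can break out of an HTML text/attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPE_MAP[ch]);
}

// Vulnerable: the dashboard name lands in the markup unchanged (CWE-79).
function buildNotificationUnsafe(dashboardName) {
  return `<div class="notification">Dashboard "${dashboardName}" was saved.</div>`;
}

// Hardened: the name is encoded before it is interpolated into the markup.
function buildNotificationSafe(dashboardName) {
  return `<div class="notification">Dashboard "${escapeHtml(dashboardName)}" was saved.</div>`;
}

// Rough check: after removing the wrapper the builder itself emits, does any
// other tag remain in the rendered markup?
function containsInjectedTag(html) {
  const stripped = html.replace(/<\/?div(?: class="notification")?>/g, '');
  return /<[a-zA-Z]/.test(stripped);
}

// Constructed payload: a dashboard name carrying a script tag.
const PAYLOAD = 'Sales <script>alert(document.cookie)</script>';

// Returns both renderings and whether each one still carries a foreign tag.
function demo() {
  const unsafe = buildNotificationUnsafe(PAYLOAD);
  const safe = buildNotificationSafe(PAYLOAD);
  return {
    unsafe,
    safe,
    unsafeInjected: containsInjectedTag(unsafe),
    safeInjected: containsInjectedTag(safe),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

Note that `escapeHtml` is the right tool only for HTML text and quoted attribute contexts; a name that is later placed inside a script block, a URL or an event handler needs the encoder for that context instead.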

State: PUBLISHED | Reserved: 2022-02-22 | Published: 2024-09-18 | Updated: 2024-09-18 | Assigner: Mautic




MEDIUM: 4.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status
unaffected

Versions < 4.4.12
affected

Credits

Vautia (reporter)

Lenon Leite (remediation developer)

Zdeno Kuzmany (remediation reviewer)

John Linhart (remediation verifier)

References

github.com/...mautic/security/advisories/GHSA-fhcx-f7jg-jx3f

cve.org (CVE-2022-25774)

nvd.nist.gov (CVE-2022-25774)