CVE-2022-25774

Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*

History

23 Sep 2024, 23:21

Type Values Removed Values Added
CPE cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*
References () https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f - () https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f - Third Party Advisory
First Time Acquia mautic
Acquia
CVSS v2 : unknown
v3 : 4.8
v2 : unknown
v3 : 5.4

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Antes de la versión parcheada, los usuarios que habían iniciado sesión en Mautic eran vulnerables a una vulnerabilidad XSS propia en las notificaciones dentro de Mautic. Los usuarios podían inyectar código malicioso en la notificación al guardar los Dashboards.

18 Sep 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-18 15:15

Updated : 2024-09-23 23:21


NVD link : CVE-2022-25774

Mitre link : CVE-2022-25774

CVE.ORG link : CVE-2022-25774


JSON object : View

Products Affected

acquia

  • mautic
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')