Cross-Site Scripting Vulnerability in Mautic Web Tracking Component
CVE-2022-25772
9.6 CRITICAL
Summary
A cross-site scripting (XSS) vulnerability exists in the web tracking component of Mautic prior to version 4.3.0, allowing remote attackers to inject executable JavaScript. This flaw can be exploited to execute malicious scripts in the context of a user’s session, leading to unauthorized actions and data exposure. Users are encouraged to update to the latest version of Mautic to mitigate this security risk.
Affected Version(s)
Mautic < 4.3.0
References
CVSS V3.1
Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Reported by Mattias Michaux, Dropsolid
Fixed by Mattias Michaux, Dropsolid