What is the severity of CVE-2022-25774?

CVE-2022-25774 has been classified as a medium severity vulnerability affecting logged in users of Mautic.

How do I fix CVE-2022-25774?

To resolve CVE-2022-25774, update your Mautic installation to version 4.4.12 or later.

What type of vulnerability is CVE-2022-25774?

CVE-2022-25774 is categorized as a self XSS vulnerability within the notifications feature of Mautic.

Who is affected by CVE-2022-25774?

Logged in users of Mautic prior to version 4.4.12 are vulnerable to CVE-2022-25774.

What can attackers do with CVE-2022-25774?

Attackers could exploit CVE-2022-25774 to inject malicious code into notifications while saving dashboards.

Vulnerability/
CVE-2022-25774

medium

5.4

CWE

79 80

12/4/2024

18/9/2024

23/9/2024

CVE-2022-25774: XSS in Notifications via saving Dashboards

First published: Fri Apr 12 2024(Updated: )

### Impact Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards. ### Patches Update to Mautic 4.4.12. ### Workarounds None ### References - https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS) If you have any questions or comments about this advisory: Email us at [security@mautic.org](mailto:security@mautic.org)

Credit: security@mautic.org security@mautic.org

Affected Software	Affected Version	How to fix
composer/mautic/core	<4.4.12	4.4.12
Mautic	<4.4.12

Remedy

Update to 4.4.12 or later.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-25774?
CVE-2022-25774 has been classified as a medium severity vulnerability affecting logged in users of Mautic.
How do I fix CVE-2022-25774?
To resolve CVE-2022-25774, update your Mautic installation to version 4.4.12 or later.
What type of vulnerability is CVE-2022-25774?
CVE-2022-25774 is categorized as a self XSS vulnerability within the notifications feature of Mautic.
Who is affected by CVE-2022-25774?
Logged in users of Mautic prior to version 4.4.12 are vulnerable to CVE-2022-25774.
What can attackers do with CVE-2022-25774?
Attackers could exploit CVE-2022-25774 to inject malicious code into notifications while saving dashboards.

agent/weakness
agent/first-publish-date
agent/remedy
agent/title
agent/type
agent/description
agent/event
collector/github-advisory-latest
source/GitHub
alias/GHSA-fhcx-f7jg-jx3f
alias/CVE-2022-25774
agent/software-canonical-lookup
agent/references
agent/author
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/softwarecombine
collector/github-advisory
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
package-manager/composer
vendor/acquia
canonical/mautic

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.