Lucene search

MauticVULNRICHMENT:CVE-2022-25774

HistorySep 18, 2024 - 2:54 p.m.

CVE-2022-25774 XSS in Notifications via saving Dashboards

2024-09-1814:54:36

CWE-79

Mautic

github.com

cve-2022-25774

mautic

xss

notifications

dashboards

vulnerability

self xss

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

18.3%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.

Users could inject malicious code into the notification when saving Dashboards.

References

github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f