CVE-2022-25772 CRITICAL

CVE-2022-25772

Vendor Mautic

Product Mautic

Weakness CWE-79 · XSS

Published June 20, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

9.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

What the vulnerability does

01Description

A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript

Key dates

02Disclosure timeline

June 20, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-25772 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-27937 October: Reflected XSS via DataTable Form Widget CVE-2025-47622 WordPress Email Notification on Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability CVE-2026-47983 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2024-8473 SQL injection vulnerability in Job Portal CVE-2023-51480 WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)