CVE-2022-25772

Опубликовано: 20 июн. 2022

Источник: nvd

CVSS3: 9.6

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript

Ссылки

https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html
https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*

Версия до 4.3.0 (исключая)

EPSS

Процентиль: 86%

0.02711

Низкий

9.6 Critical

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-pjpc-87mp-4332

CVSS3: 9.6

github

больше 3 лет назад

Cross-site Scripting vulnerability in Mautic's tracking pixel functionality

EPSS

Процентиль: 86%

0.02711

Низкий

9.6 Critical

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79