GHSA-9v8p-m85m-f7mm

Source

https://github.com/advisories/GHSA-9v8p-m85m-f7mm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-9v8p-m85m-f7mm/GHSA-9v8p-m85m-f7mm.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9v8p-m85m-f7mm

Aliases

CVE-2025-9823

Published

2025-09-03T22:18:39Z

Modified

2025-09-03T22:27:22.546477Z

Severity

4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add

Details

Summary

A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious actions such as session hijacking, credential theft, or unauthorized actions in the application.

Details

The vulnerability resides in the “Tags” input field on the /s/ajax?action=lead:addLeadTags endpoint. Although the server applies sanitization before storing the data or returning it later, the payload is executed immediately in the victim’s browser upon reflection, allowing an attacker to run arbitrary JavaScript in the user’s session.

Impact

A Reflected XSS attack can have a significant impact, allowing attackers to steal sensitive user data like cookies, redirect users to malicious websites, manipulate the web page content, and essentially take control of a user's session within an application by executing malicious JavaScript code within the victim's browser, even if the server-side code is secure; essentially enabling them to perform actions as if they were the logged-in user.

References

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "nvd_published_at": "2025-09-03T15:15:49Z",
    "github_reviewed_at": "2025-09-03T22:18:39Z"
}

References

Affected packages

Packagist / mautic/core

Package

Name: mautic/core
Purl: pkg:composer/mautic/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.4.0

Fixed

4.4.17

Affected versions

4.*

4.4.0

4.4.1

4.4.2

4.4.3

4.4.4

4.4.5

4.4.6

4.4.7

4.4.8

4.4.9

4.4.10

4.4.11

4.4.12

4.4.13

Packagist / mautic/core

Package

Name: mautic/core
Purl: pkg:composer/mautic/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0-alpha

Fixed

5.2.8

Affected versions

5.*

5.0.0-alpha

5.0.0-alpha1

5.0.0-beta1

5.0.0-beta2

5.0.0-rc1

5.0.0-rc2

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.1.0

5.1.1

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.2.5

5.2.6

5.2.7

Packagist / mautic/core

Package

Name: mautic/core
Purl: pkg:composer/mautic/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0-alpha

Fixed

6.0.5

Affected versions

6.*

6.0.0-alpha

6.0.0-beta2

6.0.0-rc

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4