CVE-2025-9823
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-03

Last updated on: 2025-09-04

Assigner: Mautic

Description
SummaryA Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious actions such as session hijacking, credential theft, or unauthorized actions in the application. DetailsThe vulnerability resides in the β€œTags” input field on the /s/ajax?action=lead:addLeadTags endpoint. Although the server applies sanitization before storing the data or returning it later, the payload is executed immediately in the victim’s browser upon reflection, allowing an attacker to run arbitrary JavaScript in the user’s session. ImpactA Reflected XSS attack can have a significant impact, allowing attackers to steal sensitive user data like cookies, redirect users to malicious websites, manipulate the web page content, and essentially take control of a user's session within an application by executing malicious JavaScript code within the victim's browser, even if the server-side code is secure; essentially enabling them to perform actions as if they were the logged-in user. References * Web Security Academy: Cross-site scripting https://portswigger.net/web-security/cross-site-scripting * Web Security Academy: Reflected cross-site scripting https://portswigger.net/web-security/cross-site-scripting/reflected
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-03
Last Modified
2025-09-04
Generated
2026-06-16
AI Q&A
2025-09-03
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9823
EUVD
EUVD-2025-26573
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
mautic mautic *
mautic core 4.4.0
mautic core 6.0.0-alpha
mautic core 5.0.0-alpha
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9823 is a reflected Cross-Site Scripting (XSS) vulnerability in the Mautic marketing automation platform. It occurs in the 'Tags' input field of the /s/ajax?action=lead:addLeadTags endpoint. The vulnerability arises because user-supplied input is reflected immediately in the server's response without proper sanitization or escaping, allowing an attacker to inject and execute arbitrary JavaScript code in another user's browser session. This can lead to malicious actions such as session hijacking, credential theft, unauthorized actions, content manipulation, and redirection to malicious websites. [1]

Impact Analysis

This vulnerability can allow attackers to execute arbitrary JavaScript in your browser session, potentially leading to theft of sensitive data like cookies, hijacking of your session, unauthorized actions performed on your behalf within the application, manipulation of web page content, and redirection to malicious websites. Even if the server-side code is secure, the attacker can control your session by exploiting this reflected XSS vulnerability. [1]

Detection Guidance

This vulnerability can be detected by testing the /s/ajax?action=lead:addLeadTags endpoint for reflected Cross-Site Scripting (XSS) by injecting JavaScript payloads into the "Tags" input field and observing if the payload is executed immediately in the response. Common detection methods include using web vulnerability scanners or manual testing with tools like curl or browser developer tools. For example, you can use curl to send a request with a test payload: curl -G --data-urlencode "tags=<script>alert(1)</script>" "https://your-mautic-instance/s/ajax?action=lead:addLeadTags" and check if the script executes or is reflected unsanitized in the response. Additionally, using browser developer tools to inspect the response and behavior after submitting tags can help detect the vulnerability. [1]

Mitigation Strategies

The immediate mitigation step is to update the Mautic platform to a patched version that fixes this vulnerability. Specifically, upgrade to version 4.4.17, 5.2.8, or 6.0.5 or later of the mautic/core Composer package. Until the update can be applied, consider restricting access to the vulnerable endpoint, applying web application firewall (WAF) rules to block malicious payloads targeting the Tags input field, and educating users to avoid interacting with suspicious links that could exploit this reflected XSS vulnerability. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9823. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart