17 matches found
EUVD-2024-2895
Malicious code in bioql PyPI...
CVE-2021-27917
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report...
CVE-2021-27917
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the contact tracking and page hits report feature. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts. Details Cross-site scripting or XSS is a code vulnerabili...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the contact tracking and page hits report feature. An attacker can manipulate web content or hijack user sessions by injecting malicious scripts. Details Cross-site scripting or XSS is a code vulnerabili...
GHSA-XPC5-RR39-V8V2 Mautic has an XSS in contact tracking and page hits report
Summary Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. Patches Please update to 4.4.13 or 5.1.1 or later. Workarounds None References https://owasp.org/www-project-top-ten/2017/A72017-Cross-SiteScriptingXSS...
Mautic has an XSS in contact tracking and page hits report
Summary Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. Patches Please update to 4.4.13 or 5.1.1 or later. Workarounds None References https://owasp.org/www-project-top-ten/2017/A72017-Cross-SiteScriptingXSS...
GHSA-73GR-32WG-QHH7 Mautic vulnerable to XSS in contact/company tracking (no authentication)
Summary Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. Patches Please update to 4.4.13 or 5.1.1 or later. Workarounds None References https://owasp.org/www-project-top-ten/2017/A72017-Cross-SiteScriptingXSS...
CVE-2021-27917 XSS in contact tracking and page hits report
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report...
CVE-2021-27917 XSS in contact tracking and page hits report
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report...
CVE-2021-27917
CVE-2021-27917 documents a stored XSS vulnerability in Mautic’s contact tracking and page hits report. Affected component: mautic/core (and related mautic/core-lib in one entry) with unsafe handling of user input that can be stored and later executed in a user’s browser. Root cause centers on ins...
Mautic security vulnerability
Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic version 1.0.0-beta4 and earlier versions, which stems from the contact tracking and pa...
PT-2024-10913 · Mautic · Mautic
Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 4.4.13 Mautic versions prior to 5.1.1 Description: A stored XSS issue existed in the contact tracking and page hits report, allowing for potential malicious script execution. Recommendations: For versions prior to...
GHSA-VFXJ-QG93-7WWC Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
Impact An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as...
OpenTrace has an unspecified vulnerability
OpenTrace is an implementation of the BlueTrace Epidemiology Contact Tracking Privacy Protection Protocol. A security vulnerability exists in OpenTrace as used in COVIDSafe 1.0.17 and earlier versions, TraceTogether, ABTraceTogether and other apps on iOS and Android, which can be exploited by a remo...
CVE-2018-10189
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each...
CVE-2018-10189
In Mautic 1.x and 2.x before 2.13.0, an attacker can systematically emulate tracking cookies per contact by manipulating the cookie value with +1, effectively allowing a third party to assume the tracked identity of other contacts and access information via forms using progressive profiling. This...