Lucene search
K

8 matches found

EUVD
EUVD
added 2026/07/02 7:49 p.m.15 views

EUVD-2026-33280

Mautic has Stored Cross-Site Scripting XSS in Project Option Selector...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 12:16 p.m.19 views

CVE-2026-9811

A stored Cross-Site Scripting XSS vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields...

5.4CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 12:16 p.m.18 views

CVE-2026-9559

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

9.9CVSS0.00583EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 10:41 a.m.12 views

CVE-2026-9811

A stored Cross-Site Scripting XSS vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 10:41 a.m.13 views

CVE-2026-9811

A stored Cross-Site Scripting XSS vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as option fields...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 10:41 a.m.21 views

CVE-2026-9811

CVE-2026-9811 is a stored XSS vulnerability in Mautic 7, specifically in the project selector component. The issue arises when rendering AJAX-returned project names into DOM option fields without proper sanitization; an authenticated user with project creation rights can inject malicious script v...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 10:19 a.m.11 views

CVE-2026-9559

A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. An authenticated user with campaign import privileges...

9.9CVSS6AI score0.00583EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 10:19 a.m.23 views

CVE-2026-9559

CVE-2026-9559 describes a path traversal vulnerability in Mautic 7 within the campaign import feature. During ZIP extraction in campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories, enabling an authenticated user with campaign import priv...

9.9CVSS6AI score0.00583EPSS
Exploits0References1
Rows per page
Query Builder