4 matches found

RedhatCVE
added 2025/05/22 7:6 a.m., 6 views

CVE-2017-1000489

Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using email address...

CVSS 8.1 | AI score 6.8 | EPSS 0.01116
Exploits: 0 | References: 1

Prion
added 2021/08/30 4:15 p.m., 11 views

Cross site scripting

Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets...

CVSS 3.5 | AI score 5.1 | EPSS 0.00604
Exploits: 0 | References: 1 | Affected Software: 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 27 views

XSS vulnerability on asset view

Impact: Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. Patch...

CVSS 7.1 | AI score 5.7 | EPSS 0.00604
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 27 views

XSS vulnerability on password reset page

Impact: For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute JavaScript code. The attacker would be required to convince or trick the target into clicking a password...

CVSS 6.3 | AI score 6.1 | EPSS 0.04086
Exploits: 0 | Affected Software: 1