Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:6 a.m.6 views

CVE-2017-1000489

Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address...

8.1CVSS6.8AI score0.01116EPSS
Exploits0References1
Prion
Prion
added 2021/08/30 4:15 p.m.11 views

Cross site scripting

Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets...

3.5CVSS5.1AI score0.00604EPSS
Exploits0References1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.27 views

XSS vulnerability on password reset page

Impact For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password...

6.3CVSS6.1AI score0.04086EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.27 views

XSS vulnerability on asset view

Impact Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. Patch...

7.1CVSS5.7AI score0.00604EPSS
Exploits0Affected Software1
Rows per page
Query Builder