Acquia Mautic

7 matches found

added 2019/09/20 6:15 p.m., 257 views

CVE-2018-11200

An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field.

CVSS 6.1, AI score 5.8, EPSS 0.0024

added 2019/09/06 9:15 p.m., 151 views

CVE-2018-11198

An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json.

CVSS 6.1, AI score 5.8, EPSS 0.0024

added 2021/08/30 4:15 p.m., 71 views

CVE-2021-27909

For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password rese...

CVSS 6.3, AI score 6.1, EPSS 0.13177

added 2018/01/03 4:29 p.m., 60 views

CVE-2017-1000488

Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.

CVSS 6.1, AI score 5.9, EPSS 0.0024

added 2024/09/18 4:15 p.m., 59 views

CVE-2022-25777

Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

CVSS 6.5, AI score 6.3, EPSS 0.00104

added 2018/01/03 5:29 p.m., 58 views

CVE-2017-1000490

Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.

CVSS 6.5, AI score 6.4, EPSS 0.00344

added 2024/09/18 9:15 p.m., 38 views

CVE-2024-47050

Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.

CVSS 6.1, AI score 5.4, EPSS 0.00196