Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mautic vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-27912
Mautic versions prior to 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit ass...
Acquia Mautic
Acquia Mautic 4.0.0
6.1
CVSSv3
CVE-2021-27910
Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management callback...
Acquia Mautic
Acquia Mautic 4.0.0
6.1
CVSSv3
CVE-2021-27911
Mautic versions prior to 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and la...
Acquia Mautic
Acquia Mautic 4.0.0
3.5
CVSSv3
CVE-2021-27913
The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that ...
Acquia Mautic
Acquia Mautic 4.0.0
6.1
CVSSv3
CVE-2022-25772
A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic prior to 4.3.0 allows remote malicious users to inject executable javascript
Acquia Mautic
4.4
CVSSv3
CVE-2021-27908
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing ...
Acquia Mautic
4.8
CVSSv3
CVE-2021-27914
A cross-site scripting (XSS) vulnerability in the installer component of Mautic prior to 4.3.0 allows admins to inject executable javascript
Acquia Mautic
9
CVSSv3
CVE-2020-35128
Mautic prior to 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform action...
Acquia Mautic
9.6
CVSSv3
CVE-2020-35124
A cross-site scripting (XSS) vulnerability in the assets component of Mautic prior to 3.2.4 allows remote malicious users to inject executable JavaScript through the Referer header of asset downloads.
Acquia Mautic
9.6
CVSSv3
CVE-2020-35125
A cross-site scripting (XSS) vulnerability in the forms component of Mautic prior to 3.2.4 allows remote malicious users to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
Acquia Mautic
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »