mautic/core Security Advisories for 1.0.0-rc1 (23)
-
[HIGH] Mautic has insufficient authentication in upgrade flow
PKSA-gfhc-2ry6-vg76 CVE-2022-25770 GHSA-5hc5-fxr9-5frc
Affected version: >=5.0.0,<5.1.1|>=1.0.0-beta3,<4.4.13
Reported by: GitHub
-
[HIGH] Mautic has insufficient authentication in upgrade flow
PKSA-zrpx-tjt4-ctvz CVE-2024-47051 GHSA-qf6m-6m4g-rmrc
Affected version: >=5.0.0-alpha,<5.1.1|>=1.0.0-beta3,<4.4.13
Reported by: GitHub
-
[HIGH] Mautic has an XSS in contact tracking and page hits report
PKSA-39c1-mjv2-cwmh CVE-2021-27917 GHSA-xpc5-rr39-v8v2
Affected version: >=5.0.0-alpha,<5.1.1|>=1.0.0-beta4,<4.4.13
Reported by: GitHub
-
[LOW] Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
PKSA-zw3g-4t7k-356g CVE-2024-47058 GHSA-xv68-rrmw-9xwf
Affected version: >=1.0.0-beta,<4.4.13|>=5.0.0-alpha,<5.1.1
Reported by: GitHub
-
[MEDIUM] Mautic: MST-48 Server-Side Request Forgery in Asset section
PKSA-qbyg-mfvh-bykw CVE-2022-25777 GHSA-mgv8-w49f-822w
Affected version: >=5.0.0-alpha,<5.0.4|>=1.0.0-beta4,<4.4.12
Reported by: GitHub
-
[MEDIUM] Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
PKSA-47j7-7fkf-jb1b CVE-2022-25774 GHSA-fhcx-f7jg-jx3f
Affected version: <4.4.12
Reported by: GitHub
-
[HIGH] Mautic vulnerable to stored cross-site scripting in description field
PKSA-y6pk-4xsd-p383 CVE-2021-27915 GHSA-2rc5-2755-v422
Affected version: >=1.0.0-beta2,<4.4.12
Reported by: GitHub
-
[CRITICAL] Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
PKSA-srsk-dycm-5jdh CVE-2022-25772 GHSA-pjpc-87mp-4332
Affected version: <4.3.0
Reported by: GitHub
-
[CRITICAL] Mautic stored Cross-site Scripting (XSS)
PKSA-b7h2-7psv-6msq CVE-2020-35129 GHSA-3px5-wjh3-9x6r
Affected version: <3.2.4
Reported by: GitHub
-
[MEDIUM] Mautic Cross Site Scripting (XSS) vulnerability
PKSA-91vm-khgg-bpcm CVE-2017-1000506 GHSA-358v-cqjc-2pcq
Affected version: <=2.11.0
Reported by: GitHub
-
[HIGH] Sensitive Cookie Without HttpOnly and Secure Flag
PKSA-x998-4bkd-wxy7 CVE-2017-1000046 GHSA-8255-qf34-44mp
Affected version: <2.1.1
Reported by: GitHub
-
[MEDIUM] Improper regex in htaccess file
PKSA-hj5d-wswk-kw69 CVE-2022-25769 GHSA-mj6m-246h-9w56
Affected version: >=4.0.0,<4.2.0|<3.3.5
Reported by: GitHub
-
[HIGH] XSS vulnerability on contacts view
PKSA-ykqx-7zqg-n9bn CVE-2021-27911 GHSA-72hm-fx78-xwhc
Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
Reported by: GitHub, FriendsOfPHP/security-advisories
-
[LOW] Use of a Broken or Risky Cryptographic Algorithm
PKSA-fcy2-ts5y-y8xc CVE-2021-27913 GHSA-x7g2-wrrp-r6h3
Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
Reported by: GitHub, FriendsOfPHP/security-advisories
-
[HIGH] XSS vulnerability on asset view
PKSA-p6sq-9ppy-k1f8 CVE-2021-27912 GHSA-rh5w-82wh-jhr8
Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
Reported by: GitHub, FriendsOfPHP/security-advisories
-
[HIGH] Stored XSS vulnerability on Bounce Management Callback
PKSA-dh3n-xcj8-kwbq CVE-2021-27910 GHSA-86pv-95mj-7w5f
Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
Reported by: GitHub, FriendsOfPHP/security-advisories
-
[MEDIUM] XSS vulnerability on password reset page
PKSA-rqyb-wvf2-m87b CVE-2021-27909 GHSA-32hw-3pvh-vcvc
Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
Reported by: GitHub, FriendsOfPHP/security-advisories
-
[MEDIUM] Secret data exfiltration via symfony parameters
PKSA-ftms-7tmx-dwmz CVE-2021-27908 GHSA-4hjq-422q-4vpx
Affected version: >=3.3.0,<3.3.2|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|<3.1.0
Reported by: GitHub, FriendsOfPHP/security-advisories
-
[MEDIUM] CSV Injection vulnerability with exported contact lists in Mautic
PKSA-9ptd-5qxp-t1ry CVE-2018-8092 GHSA-29v9-2fpx-j5g9
Affected version: <2.13.0
Reported by: GitHub
-
[MEDIUM] XSS vulnerability in company name field in Mautic
PKSA-fx76-j4z9-8y61 CVE-2018-11200 GHSA-9hx7-rg7w-xm79
Affected version: <2.11.0
Reported by: GitHub
-
[HIGH] Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
PKSA-hd2f-jn5c-n8qb CVE-2018-10189 GHSA-vfxj-qg93-7wwc
Affected version: <2.13.0
Reported by: GitHub
-
[MEDIUM] XSS vulnerability in theme config file in Mautic
PKSA-9d22-kfgn-x46d CVE-2018-8071 GHSA-5w74-jx7m-x6hv
Affected version: <2.13.0
Reported by: GitHub
-
[MEDIUM] Mautic users able to download any files from server using filemanager
PKSA-7v8g-j3cc-6zrr CVE-2017-1000490 GHSA-qpgw-2c72-4c89
Affected version: >=1.0.0,<2.12.0
Reported by: GitHub
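The "Affected version" strings above are written in Composer's constraint syntax: "|" separates alternative ranges, "," joins bounds that must all hold, and pre-release suffixes sort in the order alpha < beta < RC < final release. The Python below is an added example, not code from Packagist, GitHub or the Mautic project, that parses those strings and reports which advisories cover a given installed version. The ADVISORIES dictionary is a constructed subset of the entries on this page (identifiers and ranges copied as listed); the pre-release ordering and the four-component normalisation are Composer's rules, applied here as assumptions rather than by calling Composer itself.

```python
import re
from typing import Dict, List, Tuple

# Composer's pre-release ordering; a final release (no suffix) sorts above all of them.
_STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL_RANK = 3

VersionKey = Tuple[Tuple[int, ...], int, int]


def parse_version(version: str) -> VersionKey:
    """Turn a string such as '1.0.0-beta3' into a sortable key:
    (numeric components padded to four, stage rank, stage number)."""
    v = version.strip().lstrip("v")
    m = re.fullmatch(r"(\d+(?:\.\d+){0,3})(?:[-.]?(alpha|beta|rc)\.?(\d*))?", v, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))  # Composer normalises 4.4 -> 4.4.0.0
    if m.group(2) is None:
        return tuple(nums), _FINAL_RANK, 0
    rank = _STAGE_RANK[m.group(2).lower()]
    stage_num = int(m.group(3)) if m.group(3) else 0  # 'beta' sorts below 'beta1'
    return tuple(nums), rank, stage_num


_OPS = {
    ">=": lambda a, b: a >= b,
    "<=": lambda a, b: a <= b,
    "!=": lambda a, b: a != b,
    "==": lambda a, b: a == b,
    ">": lambda a, b: a > b,
    "<": lambda a, b: a < b,
    "=": lambda a, b: a == b,
}


def _term_holds(term: str, key: VersionKey) -> bool:
    """Evaluate one bound such as '<4.4.13' or '>=1.0.0-beta3' against a parsed version."""
    term = term.strip()
    for op in (">=", "<=", "!=", "==", ">", "<", "="):  # two-character operators first
        if term.startswith(op):
            return _OPS[op](key, parse_version(term[len(op):]))
    return key == parse_version(term)  # a bare version means an exact match


def satisfies(version: str, constraint: str) -> bool:
    """True if `version` lies inside the Composer-style `constraint`.
    '|' (or '||') separates alternatives; ',' joins bounds that must all hold."""
    key = parse_version(version)
    for alternative in re.split(r"\|\|?", constraint):
        terms = [t for t in alternative.split(",") if t.strip()]
        if terms and all(_term_holds(t, key) for t in terms):
            return True
    return False


# Constructed subset of this page's advisories, in listing order, keyed by CVE.
ADVISORIES: Dict[str, str] = {
    "CVE-2022-25770": ">=5.0.0,<5.1.1|>=1.0.0-beta3,<4.4.13",
    "CVE-2022-25777": ">=5.0.0-alpha,<5.0.4|>=1.0.0-beta4,<4.4.12",
    "CVE-2022-25774": "<4.4.12",
    "CVE-2022-25772": "<4.3.0",
    "CVE-2017-1000506": "<=2.11.0",
    "CVE-2022-25769": ">=4.0.0,<4.2.0|<3.3.5",
    "CVE-2021-27911": "<4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0",
    "CVE-2017-1000490": ">=1.0.0,<2.12.0",
}


def affected_advisories(installed: str, advisories: Dict[str, str] = ADVISORIES) -> List[str]:
    """Return the IDs whose affected range contains `installed`, in listing order."""
    return [cve for cve, rng in advisories.items() if satisfies(installed, rng)]


if __name__ == "__main__":
    for v in ("4.4.12", "5.0.3", "2.11.0", "1.0.0-rc1"):
        print(v, affected_advisories(v))
```

One consequence of the ordering is worth checking explicitly when the installed build is a pre-release: 1.0.0-rc1 sorts below 1.0.0, so a lower bound written as a final release, such as the ">=1.0.0" in the CVE-2017-1000490 range, does not cover its own release candidates under strict Composer semantics, while ">=1.0.0-beta3" does. Evaluate every constraint rather than reading off the major version, and treat the advisory text as the authority where the range string and the build disagree.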