CVE-2025-5257
- EPSS 0.17%
- Published 28.05.2025 16:17:54
- Last modified 29.05.2025 14:29:50
Summary: This advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or s...
CVE-2024-47053
- EPSS 0.13%
- Published 26.02.2025 13:15:40
- Last modified 16.10.2025 17:12:07
This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. * Improper Authorization: An authorization flaw exists in Mautic's AP...
CVE-2024-47051
- EPSS 0.7%
- Published 26.02.2025 13:15:39
- Last modified 16.10.2025 17:11:30
This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulner...
CVE-2022-25773
- EPSS 0.14%
- Published 26.02.2025 13:15:32
- Last modified 16.10.2025 17:08:58
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. * Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload funct...
- EPSS 0.19%
- Published 10.04.2024 14:15:07
- Last modified 21.11.2024 09:29:37
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the ...
CVE-2024-2731
- EPSS 0.16%
- Published 10.04.2024 14:15:07
- Last modified 21.11.2024 09:10:23
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and thei...
CVE-2024-2730
- EPSS 0.31%
- Published 10.04.2024 14:15:07
- Last modified 21.11.2024 09:10:23
Mautic uses predictable page indices for unpublished landing pages; their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE, no patch is available.
- EPSS 0.62%
- Published 19.01.2021 14:15:12
- Last modified 21.11.2024 05:26:49
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that wo...
CVE-2018-8092
- EPSS 0.49%
- Published 18.04.2018 08:29:00
- Last modified 21.11.2024 04:13:14
Mautic before 2.13.0 allows CSV injection.
CVE-2018-8071
- EPSS 0.24%
- Published 18.04.2018 08:29:00
- Last modified 21.11.2024 04:13:13
Mautic before v2.13.0 has stored XSS via a theme config file.