CVE-2024-47051
- EPSS 1.81%
- Published 26.02.2025 13:15:39
- Last modified 26.02.2025 13:15:39
This advisory addresses two critical security vulnerabilities present in Mautic versions before 5.2.3. These vulnerabilities could be exploited by authenticated users. * Remote Code Execution (RCE) via Asset Upload: A Remote Code Execution vulner...
CVE-2022-25773
- EPSS 0.09%
- Published 26.02.2025 13:15:32
- Last modified 26.02.2025 13:15:32
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. * Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload funct...
- EPSS 0.19%
- Published 10.04.2024 14:15:07
- Last modified 21.11.2024 09:29:37
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the ...
CVE-2024-2731
- EPSS 0.16%
- Published 10.04.2024 14:15:07
- Last modified 21.11.2024 09:10:23
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and thei...
CVE-2024-2730
- EPSS 0.28%
- Published 10.04.2024 14:15:07
- Last modified 21.11.2024 09:10:23
Mautic uses predictable page indices for unpublished landing pages, so their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE, no patch is available.
- EPSS 0.62%
- Published 19.01.2021 14:15:12
- Last modified 21.11.2024 05:26:49
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that wo...
CVE-2018-8092
- EPSS 0.51%
- Published 18.04.2018 08:29:00
- Last modified 21.11.2024 04:13:14
Mautic before 2.13.0 allows CSV injection.
CVE-2018-8071
- EPSS 0.24%
- Published 18.04.2018 08:29:00
- Last modified 21.11.2024 04:13:13
Mautic before v2.13.0 has stored XSS via a theme config file.
CVE-2018-10189
- EPSS 0.32%
- Published 17.04.2018 20:29:00
- Last modified 21.11.2024 03:40:58
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 t...
CVE-2017-1000506
- EPSS 0.4%
- Published 09.02.2018 23:29:00
- Last modified 21.11.2024 03:04:53
Mautic version 2.11.0 and earlier contains a Cross-Site Scripting (XSS) vulnerability in a company's name that can result in denial of service and execution of JavaScript code.