CVE-2018-10189
- EPSS 0.3%
- Published 17.04.2018 20:29:00
- Last modified 21.11.2024 03:40:58
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 t...
CVE-2017-1000506
- EPSS 0.4%
- Published 09.02.2018 23:29:00
- Last modified 21.11.2024 03:04:53
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of JavaScript code.
CVE-2017-1000490
- EPSS 0.34%
- Published 03.01.2018 17:29:00
- Last modified 21.11.2024 03:04:51
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
CVE-2017-1000489
- EPSS 0.27%
- Published 03.01.2018 17:29:00
- Last modified 21.11.2024 03:04:51
Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using an email address.
CVE-2017-1000488
- EPSS 0.24%
- Published 03.01.2018 16:29:00
- Last modified 21.11.2024 03:04:50
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
CVE-2017-1000046
- EPSS 0.28%
- Published 17.07.2017 13:18:17
- Last modified 20.04.2025 01:37:25
Mautic 2.6.1 and earlier fails to set flags on session cookies.