Vulnerabilities related to Mautic - Mautic
Vulnerability from fkie_nvd
Published
2021-01-19 14:15
Modified
2024-11-21 05:26
Summary
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.
Impacted products
Vendor Product Version
mautic mautic *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0F028A2-0E38-435B-BEF8-4B4F77F693BD",
              "versionEndExcluding": "3.2.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user\u2019s behalf, including changing the user\u2019s password or email address or changing the attacker\u2019s user role from a low-privileged user to an administrator account."
    },
    {
      "lang": "es",
      "value": "Mautic versiones anteriores a 3.2.4, est\u00e1 afectado por una vulnerabilidad de tipo XSS almacenado.\u0026#xa0;Un atacante con acceso a Social Monitoring, una funcionalidad de la aplicaci\u00f3n, podr\u00eda atacar a otros usuarios, incluyendo los administradores.\u0026#xa0;Por ejemplo, un atacante podr\u00eda cargar un archivo JavaScript redactado externamente que le permitir\u00eda eventualmente realizar acciones en nombre del usuario objetivo, incluido el cambio de la contrase\u00f1a o la direcci\u00f3n de correo electr\u00f3nico del usuario o el cambio del rol de usuario del atacante de un usuario poco privilegiado a una cuenta de administrador"
    }
  ],
  "id": "CVE-2020-35129",
  "lastModified": "2024-11-21T05:26:49.427",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-19T14:15:12.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://forum.mautic.org/c/announcements/16"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://forum.mautic.org/c/announcements/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-03 17:29
Modified
2024-11-21 03:04
Summary
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
References
cve@mitre.org https://github.com/mautic/mautic/releases/tag/2.12.0 Exploit, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/mautic/mautic/releases/tag/2.12.0 Exploit, Release Notes, Third Party Advisory
Impacted products
Vendor Product Version
acquia mautic 1.0.1
acquia mautic 1.0.2
acquia mautic 1.0.3
acquia mautic 1.0.4
acquia mautic 1.0.5
acquia mautic 1.1.0
acquia mautic 1.1.1
acquia mautic 1.1.2
acquia mautic 1.1.3
acquia mautic 1.2.0
acquia mautic 1.2.1
acquia mautic 1.2.2
acquia mautic 1.2.3
acquia mautic 1.2.4
acquia mautic 1.3.0
acquia mautic 1.3.1
acquia mautic 1.4.0
acquia mautic 1.4.1
acquia mautic 2.0.0
acquia mautic 2.0.1
acquia mautic 2.1.0
acquia mautic 2.1.1
acquia mautic 2.2.0
acquia mautic 2.2.1
acquia mautic 2.3.0
acquia mautic 2.4.0
acquia mautic 2.5.0
acquia mautic 2.5.1
acquia mautic 2.6.0
acquia mautic 2.6.1
acquia mautic 2.7.0
acquia mautic 2.7.1
acquia mautic 2.8.0
acquia mautic 2.8.1
acquia mautic 2.8.2
acquia mautic 2.9.0
acquia mautic 2.9.1
acquia mautic 2.10.0
acquia mautic 2.10.1
acquia mautic 2.11.0
mautic mautic 1.0.0
mautic mautic 1.2.0
mautic mautic 2.9.0
mautic mautic 2.9.2
mautic mautic 2.10.0
mautic mautic 2.11.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E592D4D5-0E5A-4B39-AC04-088B824D3E73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7B41915-93B3-4FFE-968A-615D008EA227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D769331C-B1F6-49BD-A6C2-AC02D3129BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA550469-F69F-4622-926B-FD4A537B21FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "425F698F-CCD6-4A05-A31F-5F8BFEF60F84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66FD252B-7E86-4275-BF02-E33FA91CD5F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2FE419F-CE46-4DB2-9581-2DA2E10C2E1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0705A45D-2B1C-440D-8019-D404046591F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA5F6FC-DFD2-4E62-B420-25E0ECABE7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C728C7F3-2C0C-4486-80F4-A9548C535C25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FF32567-BCCE-4817-A4D9-345D408B9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "366161CC-8FF1-44B8-A16A-00D2D828AA87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "996A31B6-3FC4-4347-9BC7-6B0E3252443A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B17CC51-A2F1-4D54-BAED-12E0578CF59E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A16DB243-0658-4354-B63C-47BE02F3702B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F328D42-C524-4B27-A0AD-25A12DE7C506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC913822-C3C3-42D2-B804-DA960E2DA12A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A252C2D-156A-4ED7-B0D3-4FC66BC10916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3570E4D0-3F19-4343-B8D6-570693C231BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8183F886-F921-4B41-B4F4-BCADD1D82490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "821E491B-4306-43D8-9884-D26D557B85C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "067FE5C3-BD71-4F6F-9777-9429FBCD2669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "352CCA25-B7E2-4878-83CD-D444DE1A4D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F537D29E-267F-41DA-A7D6-EAE8F2F1D0B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6295440-4EB3-45EE-86B7-A06041580114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FE8140-C008-4271-862A-02D8338E7471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F69C10-F74A-4399-9665-75C62AF1ABDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2343A267-12F1-4720-B548-74201E57CC72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CE6166-E6FA-40D7-9EA7-C329DA8396D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB0E77CC-1C9E-47A1-A48D-1A098537F1EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC4E6411-EF70-4AFA-A5EA-B4B31E3B87FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49602924-B1C2-40AB-9711-582B910C5135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF326AC-1598-4E5D-9138-74C9BB07D217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59461408-E345-40BE-8E0F-F6A6963B3815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504AFF4D-A70A-4AEB-A4F6-01146BD7DAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.9.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "578537AC-BF31-43D7-B80A-B5AD235882A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "477202B1-9A31-4C8A-9B22-B296BC413838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.10.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "AF978F65-E884-4814-8C37-38F699720069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D68FA7-8E9C-4F94-89AC-05389DB5FC55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.11.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "B650408E-4D7E-48C0-AF62-3C79DD5ACD52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F663D5-2240-41BD-A450-AA6F5C329255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "635041AC-ADB0-4B87-8C0C-DE2CC7E758C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CEC05DD-9E41-4D78-9EDB-F086DFD0FD15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6ECE904-F0B8-4194-B35B-1A7404602CA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09011058-0F31-4D8E-B1BB-3E3DC4437955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A48919-3F8F-41FC-9831-45766D3C3478",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to."
    },
    {
      "lang": "es",
      "value": "Mautic, de la versi\u00f3n 1.0.0 a la 2.11.0, es vulnerable a permitir que cualquier sesi\u00f3n de usuario autorizada de Mautic (debe haber iniciado sesi\u00f3n) utilice el Filemanager para descargar cualquier archivo del servidor al que tenga acceso el usuario web."
    }
  ],
  "id": "CVE-2017-1000490",
  "lastModified": "2024-11-21T03:04:51.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-03T17:29:00.243",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2025-04-20 01:37
Summary
Mautic 2.6.1 and earlier fails to set flags on session cookies
Impacted products
Vendor Product Version
mautic mautic *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E09F6CCE-9E00-44B8-8E93-83CC45862B7A",
              "versionEndIncluding": "2.6.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mautic 2.6.1 and earlier fails to set flags on session cookies"
    },
    {
      "lang": "es",
      "value": "En Mautic versi\u00f3n 2.6.1 y anteriores, se presenta un fallo al ajustar las flags en las cookies de sesi\u00f3n."
    }
  ],
  "id": "CVE-2017-1000046",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-17T13:18:17.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.trustmatta.com/advisories/MATTA-2017-002.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.trustmatta.com/advisories/MATTA-2017-002.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-17 20:29
Modified
2024-11-21 03:40
Summary
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.
Impacted products
Vendor Product Version
mautic mautic *
mautic mautic *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5779710D-099E-40EE-8DF3-55BD3179A50C",
              "versionEndIncluding": "1.4.1",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFAEE48-4AEF-4F8C-95E0-6E8D848D900F",
              "versionEndExcluding": "2.13.0",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Mautic, en versiones 1.x y 2.x anteriores a la 2.13.0. Es posible emular de forma sistem\u00e1tica el rastreo de cookies por contacto debido al rastreo de contacto por su ID autoincrementada. Por lo tanto, un tercero puede manipular el valor de la cookie con un +1 para asumir sistem\u00e1ticamente que se est\u00e1 rastreando como cada contacto en Mautic. As\u00ed, ser\u00eda posible recuperar informaci\u00f3n sobre el contacto a trav\u00e9s de formularios que tengan habilitada la generaci\u00f3n de perfiles progresiva."
    }
  ],
  "id": "CVE-2018-10189",
  "lastModified": "2024-11-21T03:40:58.783",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-17T20:29:00.410",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-18 08:29
Modified
2024-11-21 04:13
Summary
Mautic before v2.13.0 has stored XSS via a theme config file.
Impacted products
Vendor Product Version
mautic mautic *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93C9EF4-5B29-4AC4-AF82-FE1595329CFD",
              "versionEndExcluding": "2.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mautic before v2.13.0 has stored XSS via a theme config file."
    },
    {
      "lang": "es",
      "value": "Mautic en versiones anteriores a la v2.13.0 tiene Cross-Site Scripting (XSS) persistente mediante un archivo de configuraci\u00f3n de tema."
    }
  ],
  "id": "CVE-2018-8071",
  "lastModified": "2024-11-21T04:13:13.287",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-18T08:29:00.577",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-18 08:29
Modified
2024-11-21 04:13
Summary
Mautic before 2.13.0 allows CSV injection.
Impacted products
Vendor Product Version
mautic mautic *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93C9EF4-5B29-4AC4-AF82-FE1595329CFD",
              "versionEndExcluding": "2.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mautic before 2.13.0 allows CSV injection."
    },
    {
      "lang": "es",
      "value": "Mautic en versiones anteriores a la 2.13.0 permite la inyecci\u00f3n CSV."
    }
  ],
  "id": "CVE-2018-8092",
  "lastModified": "2024-11-21T04:13:14.883",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-18T08:29:00.657",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1236"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-03 17:29
Modified
2024-11-21 03:04
Summary
Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address
References
cve@mitre.org https://github.com/mautic/mautic/releases/tag/2.12.0 Issue Tracking, Mitigation, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/mautic/mautic/releases/tag/2.12.0 Issue Tracking, Mitigation, Release Notes, Third Party Advisory
Impacted products
Vendor Product Version
acquia mautic 2.0.0
acquia mautic 2.0.1
acquia mautic 2.1.0
acquia mautic 2.1.1
acquia mautic 2.2.0
acquia mautic 2.2.1
acquia mautic 2.3.0
acquia mautic 2.4.0
acquia mautic 2.5.0
acquia mautic 2.5.1
acquia mautic 2.6.0
acquia mautic 2.6.1
acquia mautic 2.7.0
acquia mautic 2.7.1
acquia mautic 2.8.0
acquia mautic 2.8.1
acquia mautic 2.8.2
acquia mautic 2.9.0
acquia mautic 2.9.1
acquia mautic 2.10.0
acquia mautic 2.10.1
acquia mautic 2.11.0
mautic mautic 2.9.0
mautic mautic 2.9.2
mautic mautic 2.10.0
mautic mautic 2.11.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3570E4D0-3F19-4343-B8D6-570693C231BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8183F886-F921-4B41-B4F4-BCADD1D82490",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "821E491B-4306-43D8-9884-D26D557B85C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "067FE5C3-BD71-4F6F-9777-9429FBCD2669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "352CCA25-B7E2-4878-83CD-D444DE1A4D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F537D29E-267F-41DA-A7D6-EAE8F2F1D0B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6295440-4EB3-45EE-86B7-A06041580114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FE8140-C008-4271-862A-02D8338E7471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F69C10-F74A-4399-9665-75C62AF1ABDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2343A267-12F1-4720-B548-74201E57CC72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CE6166-E6FA-40D7-9EA7-C329DA8396D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB0E77CC-1C9E-47A1-A48D-1A098537F1EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC4E6411-EF70-4AFA-A5EA-B4B31E3B87FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49602924-B1C2-40AB-9711-582B910C5135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF326AC-1598-4E5D-9138-74C9BB07D217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59461408-E345-40BE-8E0F-F6A6963B3815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504AFF4D-A70A-4AEB-A4F6-01146BD7DAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.9.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "578537AC-BF31-43D7-B80A-B5AD235882A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "477202B1-9A31-4C8A-9B22-B296BC413838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.10.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "AF978F65-E884-4814-8C37-38F699720069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D68FA7-8E9C-4F94-89AC-05389DB5FC55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.11.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "B650408E-4D7E-48C0-AF62-3C79DD5ACD52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CEC05DD-9E41-4D78-9EDB-F086DFD0FD15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6ECE904-F0B8-4194-B35B-1A7404602CA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09011058-0F31-4D8E-B1BB-3E3DC4437955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A48919-3F8F-41FC-9831-45766D3C3478",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address"
    },
    {
      "lang": "es",
      "value": "Mautic, de la versi\u00f3n 2.0.0 a la 2.11.0, con un plugin SSO instalado podr\u00eda permitir que un usuario deshabilitado pueda seguir iniciando sesi\u00f3n mediante una direcci\u00f3n de correo electr\u00f3nico."
    }
  ],
  "id": "CVE-2017-1000489",
  "lastModified": "2024-11-21T03:04:51.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-03T17:29:00.197",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-02-09 23:29
Modified
2024-11-21 03:04
Summary
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code.
References
cve@mitre.org https://github.com/mautic/mautic/issues/5222 Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/mautic/mautic/issues/5222 Exploit, Issue Tracking, Third Party Advisory
Impacted products
Vendor Product Version
mautic mautic *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05D8DC2-ED57-417E-84CB-2A9727B32D1F",
              "versionEndIncluding": "2.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company\u0027s name that can result in denial of service and execution of javascript code."
    },
    {
      "lang": "es",
      "value": "Mautic, en versiones 2.11.0 y anteriores, contiene una vulnerabilidad de Cross Site Scripting (XSS) en el nombre de compa\u00f1\u00eda que puede resultar en una denegaci\u00f3n de servicio (DoS) y en la ejecuci\u00f3n de c\u00f3digo JavaScript."
    }
  ],
  "id": "CVE-2017-1000506",
  "lastModified": "2024-11-21T03:04:53.537",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-09T23:29:00.213",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/issues/5222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/issues/5222"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-03 16:29
Modified
2024-11-21 03:04
Summary
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
References
cve@mitre.org https://github.com/mautic/mautic/releases/tag/2.12.0 Exploit, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/mautic/mautic/releases/tag/2.12.0 Exploit, Release Notes, Third Party Advisory
Impacted products
Vendor Product Version
acquia mautic 2.1.0
acquia mautic 2.1.1
acquia mautic 2.2.0
acquia mautic 2.2.1
acquia mautic 2.3.0
acquia mautic 2.4.0
acquia mautic 2.5.0
acquia mautic 2.5.1
acquia mautic 2.6.0
acquia mautic 2.6.1
acquia mautic 2.7.0
acquia mautic 2.7.1
acquia mautic 2.8.0
acquia mautic 2.8.1
acquia mautic 2.8.2
acquia mautic 2.9.0
acquia mautic 2.9.1
acquia mautic 2.10.0
acquia mautic 2.10.1
acquia mautic 2.11.0
mautic mautic 2.9.0
mautic mautic 2.9.2
mautic mautic 2.10.0
mautic mautic 2.11.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "821E491B-4306-43D8-9884-D26D557B85C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "067FE5C3-BD71-4F6F-9777-9429FBCD2669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "352CCA25-B7E2-4878-83CD-D444DE1A4D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F537D29E-267F-41DA-A7D6-EAE8F2F1D0B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6295440-4EB3-45EE-86B7-A06041580114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65FE8140-C008-4271-862A-02D8338E7471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F69C10-F74A-4399-9665-75C62AF1ABDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2343A267-12F1-4720-B548-74201E57CC72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CE6166-E6FA-40D7-9EA7-C329DA8396D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB0E77CC-1C9E-47A1-A48D-1A098537F1EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC4E6411-EF70-4AFA-A5EA-B4B31E3B87FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49602924-B1C2-40AB-9711-582B910C5135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF326AC-1598-4E5D-9138-74C9BB07D217",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59461408-E345-40BE-8E0F-F6A6963B3815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "504AFF4D-A70A-4AEB-A4F6-01146BD7DAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.9.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "578537AC-BF31-43D7-B80A-B5AD235882A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "477202B1-9A31-4C8A-9B22-B296BC413838",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.10.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "AF978F65-E884-4814-8C37-38F699720069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D68FA7-8E9C-4F94-89AC-05389DB5FC55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:acquia:mautic:2.11.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "B650408E-4D7E-48C0-AF62-3C79DD5ACD52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CEC05DD-9E41-4D78-9EDB-F086DFD0FD15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6ECE904-F0B8-4194-B35B-1A7404602CA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09011058-0F31-4D8E-B1BB-3E3DC4437955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mautic:mautic:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A48919-3F8F-41FC-9831-45766D3C3478",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form."
    },
    {
      "lang": "es",
      "value": "Mautic, de la versi\u00f3n 2.1.0 a la 2.11.0, es vulnerable a un ataque en l\u00ednea de JS XSS al emplear formularios Mautic en una p\u00e1gina de aterrizaje mediante par\u00e1metros GET para prerrellenar el formulario."
    }
  ],
  "id": "CVE-2017-1000488",
  "lastModified": "2024-11-21T03:04:50.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-03T16:29:00.183",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-27910 (GCVE-0-2021-27910)
Vulnerability from cvelistv5
Published
2021-08-30 15:55
Modified
2024-09-17 01:25
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Summary
Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the "error" and "error_related_to" parameters of the POST request (POST /mailer/<product / webhook>/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information.
Impacted products
Vendor Product Version
Mautic Mautic Version: unspecified   < 3.3.4
Version: unspecified   < 4.0.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:16.394Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "3.3.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Fixed by Zdeno Kuzmany, Webmecanik"
        }
      ],
      "datePublic": "2021-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the \"error\" and \"error_related_to\" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the \"error\" and \"error_related_to\" parameters of the POST request (POST /mailer/\u003cproduct / webhook\u003e/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-30T15:55:08",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"
        }
      ],
      "source": {
        "defect": [
          "MST-17"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Stored XSS vulnerability on Bounce Management Callback",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mautic.org",
          "DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
          "ID": "CVE-2021-27910",
          "STATE": "PUBLIC",
          "TITLE": "Stored XSS vulnerability on Bounce Management Callback"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mautic",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.3.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mautic"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Fixed by Zdeno Kuzmany, Webmecanik"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the \"error\" and \"error_related_to\" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the \"error\" and \"error_related_to\" parameters of the POST request (POST /mailer/\u003cproduct / webhook\u003e/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f",
              "refsource": "MISC",
              "url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"
            }
          ]
        },
        "source": {
          "defect": [
            "MST-17"
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2021-27910",
    "datePublished": "2021-08-30T15:55:08.436773Z",
    "dateReserved": "2021-03-02T00:00:00",
    "dateUpdated": "2024-09-17T01:25:50.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47058 (GCVE-0-2024-47058)
Vulnerability from cvelistv5
Published
2024-09-18 21:00
Modified
2024-09-19 15:42
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the HTML field. This could be used to steal sensitive information from the user's current session.
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 1.0.0   
Version: >= 5.0.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47058",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T15:42:03.651742Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T15:42:11.246Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 4.4.13",
              "status": "affected",
              "version": "\u003e= 1.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "\u003c 5.1.1",
              "status": "affected",
              "version": "\u003e= 5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "MatisAct"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Avikarsha Saha"
        }
      ],
      "datePublic": "2024-09-18T20:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user\u0027s current session.\u003cbr\u003e"
            }
          ],
          "value": "With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user\u0027s current session."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:00:28.950Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.4.13 or 5.1.1."
            }
          ],
          "value": "Update to 4.4.13 or 5.1.1."
        }
      ],
      "source": {
        "advisory": "GHSA-xv68-rrmw-9xwf",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-site Scripting (XSS) - stored (edit form HTML field)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2024-47058",
    "datePublished": "2024-09-18T21:00:28.950Z",
    "dateReserved": "2024-09-17T13:41:00.585Z",
    "dateUpdated": "2024-09-19T15:42:11.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27908 (GCVE-0-2021-27908)
Vulnerability from cvelistv5
Published
2021-03-23 19:11
Modified
2024-09-16 16:23
CWE
Summary
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
Impacted products
Vendor Product Version
Mautic Mautic Version: unspecified   < 3.3.2


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:16.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "3.3.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered by Petr Gregor, Acquia"
        },
        {
          "lang": "en",
          "value": "Fixed by Miroslav Fedeles, Acquia"
        }
      ],
      "datePublic": "2021-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic\u2019s configuration that are used in publicly facing parts of the application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-23T19:11:56",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mautic.org",
          "DATE_PUBLIC": "2021-03-22T20:15:00.000Z",
          "ID": "CVE-2021-27908",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mautic",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mautic"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Discovered by Petr Gregor, Acquia"
          },
          {
            "lang": "eng",
            "value": "Fixed by Miroslav Fedeles, Acquia"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic\u2019s configuration that are used in publicly facing parts of the application."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Information Exposure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx",
              "refsource": "MISC",
              "url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2021-27908",
    "datePublished": "2021-03-23T19:11:56.967620Z",
    "dateReserved": "2021-03-02T00:00:00",
    "dateUpdated": "2024-09-16T16:23:48.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25774 (GCVE-0-2022-25774)
Vulnerability from cvelistv5
Published
2024-09-18 14:54
Modified
2024-09-18 21:29
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards.
Impacted products
Vendor Product Version
Mautic Mautic Version: < 4.4.12


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T17:55:13.111344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T17:55:21.765Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.4.12"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Vautia"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Zdeno Kuzmany"
        },
        {
          "lang": "en",
          "type": "remediation verifier",
          "value": "John Linhart"
        }
      ],
      "datePublic": "2024-04-12T13:52:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePrior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.\u003c/p\u003e\u003cp\u003eUsers could inject malicious code into the notification when saving Dashboards.\u003c/p\u003e"
            }
          ],
          "value": "Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.\n\nUsers could inject malicious code into the notification when saving Dashboards."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:29:02.453Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.4.12 or later."
            }
          ],
          "value": "Update to 4.4.12 or later."
        }
      ],
      "source": {
        "advisory": "GHSA-fhcx-f7jg-jx3fv",
        "discovery": "EXTERNAL"
      },
      "title": "XSS in Notifications via saving Dashboards",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2022-25774",
    "datePublished": "2024-09-18T14:54:36.249Z",
    "dateReserved": "2022-02-22T20:17:36.805Z",
    "dateUpdated": "2024-09-18T21:29:02.453Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25770 (GCVE-0-2022-25770)
Vulnerability from cvelistv5
Published
2024-09-18 21:26
Modified
2024-09-19 14:47
CWE
  • CWE-306 - Missing Authentication for Critical Function
Summary
Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 1.0.0-beta3   
Version: >= 5.0.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T14:47:02.190322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T14:47:14.786Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core-lib",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 4.4.13",
              "status": "affected",
              "version": "\u003e= 1.0.0-beta3",
              "versionType": "semver"
            },
            {
              "lessThan": "\u003c 5.1.1.",
              "status": "affected",
              "version": "\u003e= 5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mattias Michaux"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Zdeno Kuzmany"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Mattias Michaux"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Patryk Gruszka"
        }
      ],
      "datePublic": "2024-09-18T20:41:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Mautic allows you to update the application via an upgrade script.\u003cbr\u003e\u003cbr\u003eThe upgrade logic isn\u0027t shielded off correctly, which may lead to vulnerable situation.\u003cbr\u003e\u003cbr\u003eThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.\u003cbr\u003e"
            }
          ],
          "value": "Mautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn\u0027t shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:26:34.059Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to 4.4.13 or 5.1.1 or higher."
            }
          ],
          "value": "Upgrade to 4.4.13 or 5.1.1 or higher."
        }
      ],
      "source": {
        "advisory": "GHSA-qf6m-6m4g-rmrc",
        "discovery": "INTERNAL"
      },
      "title": "Insufficient authentication in upgrade flow",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2022-25770",
    "datePublished": "2024-09-18T21:26:34.059Z",
    "dateReserved": "2022-02-22T20:17:36.804Z",
    "dateUpdated": "2024-09-19T14:47:14.786Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47055 (GCVE-0-2024-47055)
Vulnerability from cvelistv5
Published
2025-05-28 17:34
Modified
2025-05-29 19:02
CWE
Summary
This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.
Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.
Mitigation: Update Mautic to a version that implements proper authorization checks for the cloneAction within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions.
Impacted products
Vendor Product Version
Mautic Mautic Version: > 5.0.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47055",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-29T19:02:39.346633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-29T19:02:53.247Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 5.2.6, \u003c 6.0.2",
              "status": "affected",
              "version": "\u003e 5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Abhisek Mazumdar"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Abhisek Mazumdar"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Patryk Gruszka"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Abhisek Mazumdar"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Nick Vanpraet"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch3\u003eSummary\u003c/h3\u003e\u003cp\u003eThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.\u003c/p\u003e\u003cp\u003eInsecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the \u003ccode\u003ecloneAction\u003c/code\u003e\u0026nbsp;of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.\u003c/p\u003e\u003ch3\u003eMitigation\u003c/h3\u003e\u003cp\u003eUpdate Mautic to a version that implements proper authorization checks for the \u003ccode\u003ecloneAction\u003c/code\u003e\u0026nbsp;within the \u003ccode\u003eListController.php\u003c/code\u003e. Ensure that users attempting to clone segments possess the appropriate creation permissions.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.\n\nInsecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the cloneAction\u00a0of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.\n\nMitigationUpdate Mautic to a version that implements proper authorization checks for the cloneAction\u00a0within the ListController.php. Ensure that users attempting to clone segments possess the appropriate creation permissions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T17:34:32.181Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782"
        }
      ],
      "source": {
        "advisory": "GHSA-vph5-ghq3-q782",
        "discovery": "UNKNOWN"
      },
      "title": "Segment cloning doesn\u0027t have a proper permission check",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2024-47055",
    "datePublished": "2025-05-28T17:34:32.181Z",
    "dateReserved": "2024-09-17T13:41:00.584Z",
    "dateUpdated": "2025-05-29T19:02:53.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27911 (GCVE-0-2021-27911)
Vulnerability from cvelistv5
Published
2021-08-30 15:55
Modified
2024-09-16 22:30
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Summary
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc.
Impacted products
Vendor Product Version
Mautic Mautic Version: unspecified   < 3.3.4
Version: unspecified   < 4.0.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:16.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "3.3.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
        }
      ],
      "datePublic": "2021-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact\u0027s first or last name and triggered when viewing a contact\u0027s details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-30T15:55:12",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"
        }
      ],
      "source": {
        "defect": [
          "MST-15"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "XSS vulnerability on contacts view",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mautic.org",
          "DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
          "ID": "CVE-2021-27911",
          "STATE": "PUBLIC",
          "TITLE": "XSS vulnerability on contacts view"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mautic",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.3.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mautic"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact\u0027s first or last name and triggered when viewing a contact\u0027s details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc",
              "refsource": "MISC",
              "url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"
            }
          ]
        },
        "source": {
          "defect": [
            "MST-15"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2021-27911",
    "datePublished": "2021-08-30T15:55:12.869897Z",
    "dateReserved": "2021-03-02T00:00:00",
    "dateUpdated": "2024-09-16T22:30:01.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000506 (GCVE-0-2017-1000506)
Vulnerability from cvelistv5
Published
2018-02-09 23:00
Modified
2024-08-05 22:00
Severity ?
CWE
  • n/a
Summary
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:00:41.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/issues/5222"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-12-29T00:00:00",
      "datePublic": "2017-10-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company\u0027s name that can result in denial of service and execution of javascript code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T22:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mautic/mautic/issues/5222"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "12/29/2017 15:17:09",
          "ID": "CVE-2017-1000506",
          "REQUESTER": "sajeeb.lohani@bulletproof.sh",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company\u0027s name that can result in denial of service and execution of javascript code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/issues/5222",
              "refsource": "CONFIRM",
              "url": "https://github.com/mautic/mautic/issues/5222"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000506",
    "datePublished": "2018-02-09T23:00:00",
    "dateReserved": "2018-01-29T00:00:00",
    "dateUpdated": "2024-08-05T22:00:41.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27912 (GCVE-0-2021-27912)
Vulnerability from cvelistv5
Published
2021-08-30 15:55
Modified
2024-09-16 16:17
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Summary
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.
Impacted products
Vendor Product Version
Mautic Mautic Version: unspecified   < 3.3.4
Version: unspecified   < 4.0.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:16.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "3.3.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
        }
      ],
      "datePublic": "2021-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-30T15:55:17",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"
        }
      ],
      "source": {
        "defect": [
          "MST-15"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "XSS vulnerability on asset view",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mautic.org",
          "DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
          "ID": "CVE-2021-27912",
          "STATE": "PUBLIC",
          "TITLE": "XSS vulnerability on asset view"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mautic",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.3.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mautic"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8",
              "refsource": "MISC",
              "url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"
            }
          ]
        },
        "source": {
          "defect": [
            "MST-15"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2021-27912",
    "datePublished": "2021-08-30T15:55:17.220890Z",
    "dateReserved": "2021-03-02T00:00:00",
    "dateUpdated": "2024-09-16T16:17:39.112Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000488 (GCVE-0-2017-1000488)
Vulnerability from cvelistv5
Published
2018-01-03 16:00
Modified
2024-09-16 23:46
Severity ?
CWE
  • n/a
Summary
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:00:41.649Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-12-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-03T16:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-12-29",
          "ID": "CVE-2017-1000488",
          "REQUESTER": "alan.hartless@mautic.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/releases/tag/2.12.0",
              "refsource": "MISC",
              "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000488",
    "datePublished": "2018-01-03T16:00:00Z",
    "dateReserved": "2018-01-03T00:00:00Z",
    "dateUpdated": "2024-09-16T23:46:50.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-5257 (GCVE-0-2025-5257)
Vulnerability from cvelistv5
Published
2025-05-28 16:17
Modified
2025-05-28 23:43
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Summary
Summary: This advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information.
Unauthorized Access to Unpublished Page Previews: The page preview functionality for unpublished content, accessible via predictable URLs (e.g., /page/preview/1, /page/preview/2), lacked proper authorization checks. This allowed any unauthenticated user to view content that was not yet intended for public release, and allowed search engines to index these private preview URLs, making the content publicly discoverable.
Mitigation: Mautic has patched this vulnerability by enforcing proper permission checks on preview pages. Users should upgrade to the patched version of Mautic or later.
Impacted products
Vendor Product Version
Mautic Mautic Version: > 4.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5257",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T23:41:33.783649Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-28T23:43:08.966Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 6.0.2, \u003c5.4.6, \u003c4.4.16",
              "status": "affected",
              "version": "\u003e 4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Zdeno Kuzmany"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Lenon Leite"
        }
      ],
      "datePublic": "2025-05-28T16:13:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch2\u003eSummary\u003c/h2\u003eThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information.\u003cbr\u003e\u003cbr\u003eUnauthorized Access to Unpublished Page Previews: The page preview functionality for unpublished content, accessible via predictable URLs (e.g., \u003ccode\u003e/page/preview/1\u003c/code\u003e, \u003ccode\u003e/page/preview/2\u003c/code\u003e), lacked proper authorization checks. This allowed any unauthenticated user to view content that was not yet intended for public release, and allowed search engines to index these private preview URLs, making the content publicly discoverable.\u003cbr\u003e\u003ch2\u003eMitigation\u003c/h2\u003eMautic has patched this vulnerability by enforcing proper permission checks on preview pages. Users should upgrade to the patched version of Mautic or later.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "SummaryThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information.\n\nUnauthorized Access to Unpublished Page Previews: The page preview functionality for unpublished content, accessible via predictable URLs (e.g., /page/preview/1, /page/preview/2), lacked proper authorization checks. This allowed any unauthenticated user to view content that was not yet intended for public release, and allowed search engines to index these private preview URLs, making the content publicly discoverable.\nMitigationMautic has patched this vulnerability by enforcing proper permission checks on preview pages. Users should upgrade to the patched version of Mautic or later."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T17:38:10.472Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8"
        }
      ],
      "source": {
        "advisory": "GHSA-cqx4-9vqf-q3m8",
        "discovery": "INTERNAL"
      },
      "title": "Predictable Page Indexing Might Lead to Sensitive Data Exposure",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2025-5257",
    "datePublished": "2025-05-28T16:17:54.013Z",
    "dateReserved": "2025-05-27T11:11:39.399Z",
    "dateUpdated": "2025-05-28T23:43:08.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47059 (GCVE-0-2024-47059)
Vulnerability from cvelistv5
Published
2024-09-18 21:19
Modified
2024-09-25 20:46
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
When logging in with the correct username and an incorrect weak password, the user receives a notification that their password is too weak. However, when an incorrect username is provided along with a weak password, the application responds with an 'Invalid credentials' notification. This difference could be used to perform username enumeration.
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 5.1.0   


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mautic",
            "vendor": "mautic",
            "versions": [
              {
                "lessThan": "5.1.1",
                "status": "affected",
                "version": "5.1.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T20:45:37.083409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T20:46:12.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 5.1.1",
              "status": "affected",
              "version": "\u003e= 5.1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Patryk Gruszka"
        },
        {
          "lang": "en",
          "type": "remediation verifier",
          "value": "John Linhart"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Tomasz Kowalczyk"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Rafa\u0142 Kami\u0144ski"
        }
      ],
      "datePublic": "2024-09-18T20:46:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.\u003cbr\u003e\u003cbr\u003eHowever when an incorrect username is provided alongside with a weak password, the application responds with \u2019Invalid credentials\u2019 notification.\u003cbr\u003e\u003cbr\u003eThis difference could be used to perform username enumeration."
            }
          ],
          "value": "When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.\n\nHowever when an incorrect username is provided alongside with a weak password, the application responds with \u2019Invalid credentials\u2019 notification.\n\nThis difference could be used to perform username enumeration."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-575",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-575 Account Footprinting"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-19T19:29:53.542Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-8vff-35qm-qjvv"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 5.1.1 or later."
            }
          ],
          "value": "Update to 5.1.1 or later."
        }
      ],
      "source": {
        "advisory": "GHSA-8vff-35qm-qjvv",
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-06T13:09:00.000Z",
          "value": "Issue reported"
        },
        {
          "lang": "en",
          "time": "2024-08-06T13:10:00.000Z",
          "value": "Fix proposed"
        },
        {
          "lang": "en",
          "time": "2023-09-17T12:23:00.000Z",
          "value": "QA passed"
        }
      ],
      "title": "Users enumeration - weak password login",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2024-47059",
    "datePublished": "2024-09-18T21:19:26.951Z",
    "dateReserved": "2024-09-17T13:41:00.585Z",
    "dateUpdated": "2024-09-25T20:46:12.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25776 (GCVE-0-2022-25776)
Vulnerability from cvelistv5
Published
2024-09-18 15:06
Modified
2024-09-18 21:31
CWE
  • CWE-276 - Incorrect Default Permissions
Summary
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 1.0.2   
Version: >5.0.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25776",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T15:58:56.678996Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T15:59:05.090Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 4.4.12",
              "status": "affected",
              "version": "\u003e= 1.0.2",
              "versionType": "semver"
            },
            {
              "lessThan": "\u003c 5.0.4",
              "status": "affected",
              "version": "\u003e5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "infosec-it-init"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Avikarsha Saha"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        }
      ],
      "datePublic": "2024-04-12T17:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePrior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\u003c/p\u003e\u003cp\u003eUsers could potentially access sensitive data such as names and surnames, company names and stage names.\u003c/p\u003e"
            }
          ],
          "value": "Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\n\nUsers could potentially access sensitive data such as names and surnames, company names and stage names."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276 Incorrect Default Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:31:01.738Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.4.12 or 5.0.4 or later."
            }
          ],
          "value": "Update to 4.4.12 or 5.0.4 or later."
        }
      ],
      "source": {
        "advisory": "GHSA-qjx3-2g35-6hv8",
        "discovery": "EXTERNAL"
      },
      "title": "Sensitive Data Exposure due to inadequate user permission settings",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2022-25776",
    "datePublished": "2024-09-18T15:06:54.543Z",
    "dateReserved": "2022-02-22T20:17:36.805Z",
    "dateUpdated": "2024-09-18T21:31:01.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000490 (GCVE-0-2017-1000490)
Vulnerability from cvelistv5
Published
2018-01-03 17:00
Modified
2024-09-16 16:47
Severity ?
CWE
  • n/a
Summary
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:00:41.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-12-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-03T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-12-29",
          "ID": "CVE-2017-1000490",
          "REQUESTER": "alan.hartless@mautic.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/releases/tag/2.12.0",
              "refsource": "CONFIRM",
              "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000490",
    "datePublished": "2018-01-03T17:00:00Z",
    "dateReserved": "2018-01-03T00:00:00Z",
    "dateUpdated": "2024-09-16T16:47:37.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47050 (GCVE-0-2024-47050)
Vulnerability from cvelistv5
Published
2024-09-18 21:04
Modified
2024-09-19 15:41
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 2.6.0   
Version: > 5.0.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47050",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T15:41:10.814610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T15:41:19.126Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 4.4.13",
              "status": "affected",
              "version": "\u003e= 2.6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "\u003c 5.1.1",
              "status": "affected",
              "version": "\u003e 5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mqrtin"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Patryk Gruszka"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Prior to this patch being applied, Mautic\u0027s tracking was vulnerable to Cross-Site Scripting through the Page URL variable.\u003cbr\u003e"
            }
          ],
          "value": "Prior to this patch being applied, Mautic\u0027s tracking was vulnerable to Cross-Site Scripting through the Page URL variable."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:04:46.642Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.4.13 or 5.1.1 or higher."
            }
          ],
          "value": "Update to 4.4.13 or 5.1.1 or higher."
        }
      ],
      "source": {
        "advisory": "GHSA-73gr-32wg-qhh7",
        "discovery": "EXTERNAL"
      },
      "title": "XSS in contact/company tracking (no authentication)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2024-47050",
    "datePublished": "2024-09-18T21:04:46.642Z",
    "dateReserved": "2024-09-17T13:41:00.584Z",
    "dateUpdated": "2024-09-19T15:41:19.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-5256 (GCVE-0-2025-5256)
Vulnerability from cvelistv5
Published
2025-05-28 17:47
Modified
2025-05-28 17:57
CWE
  • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Summary
This advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits.
Open Redirection via returnUrl Parameter: An Open Redirection vulnerability exists in the /s/action/unlock/user.user/0 endpoint. The returnUrl parameter, intended for post-action redirection, is not properly validated. This allows an attacker to craft a URL that, when clicked by a user, redirects them to an arbitrary external website controlled by the attacker.
Mitigation: Update Mautic to a version that properly validates or sanitizes the returnUrl parameter to ensure that redirects only occur to trusted, internal URLs or explicitly whitelisted domains.
Impacted products
Vendor Product Version
Mautic Mautic Version: > 1.0.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5256",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T17:57:26.464452Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-28T17:57:39.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 6.0.2, \u003c 5.2.6, \u003c 4.4.16",
              "status": "affected",
              "version": "\u003e 1.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Tomasz Kowalczyk"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Tomasz Kowalczyk"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Nick Vanpraet"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Patryk Gruszka"
        }
      ],
      "datePublic": "2025-05-28T16:13:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch3\u003eSummary\u003c/h3\u003e\u003cp\u003eThis advisory addresses an Open Redirection vulnerability in Mautic\u0027s user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits.\u003c/p\u003e\u003cp\u003eOpen Redirection via \u003ccode\u003ereturnUrl\u003c/code\u003e\u0026nbsp;Parameter: An Open Redirection vulnerability exists in the \u003ccode\u003e/s/action/unlock/user.user/0\u003c/code\u003e\u0026nbsp;endpoint. The \u003ccode\u003ereturnUrl\u003c/code\u003e\u0026nbsp;parameter, intended for post-action redirection, is not properly validated. This allows an attacker to craft a URL that, when clicked by a user, redirects them to an arbitrary external website controlled by the attacker.\u003c/p\u003e\u003ch3\u003eMitigation\u003c/h3\u003e\u003cp\u003eUpdate Mautic to a version that properly validates or sanitizes the \u003ccode\u003ereturnUrl\u003c/code\u003e\u0026nbsp;parameter to ensure that redirects only occur to trusted, internal URLs or explicitly whitelisted domains.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "SummaryThis advisory addresses an Open Redirection vulnerability in Mautic\u0027s user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits.\n\nOpen Redirection via returnUrl\u00a0Parameter: An Open Redirection vulnerability exists in the /s/action/unlock/user.user/0\u00a0endpoint. The returnUrl\u00a0parameter, intended for post-action redirection, is not properly validated. This allows an attacker to craft a URL that, when clicked by a user, redirects them to an arbitrary external website controlled by the attacker.\n\nMitigationUpdate Mautic to a version that properly validates or sanitizes the returnUrl\u00a0parameter to ensure that redirects only occur to trusted, internal URLs or explicitly whitelisted domains."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-98",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-98 Phishing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T17:47:05.674Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373"
        }
      ],
      "source": {
        "advisory": "GHSA-6vx9-9r2g-8373",
        "discovery": "USER"
      },
      "title": "Open Redirect vulnerability on user unlock path",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2025-5256",
    "datePublished": "2025-05-28T17:47:05.674Z",
    "dateReserved": "2025-05-27T11:11:29.734Z",
    "dateUpdated": "2025-05-28T17:57:39.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10189 (GCVE-0-2018-10189)
Vulnerability from cvelistv5
Published
2018-04-17 20:00
Modified
2024-09-17 00:31
Severity ?
CWE
  • n/a
Summary
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:32:01.593Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-17T20:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-10189",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/releases/tag/2.13.0",
              "refsource": "CONFIRM",
              "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-10189",
    "datePublished": "2018-04-17T20:00:00Z",
    "dateReserved": "2018-04-17T00:00:00Z",
    "dateUpdated": "2024-09-17T00:31:14.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000046 (GCVE-0-2017-1000046)
Vulnerability from cvelistv5
Published
2017-07-13 20:00
Modified
2024-08-05 21:53
Severity ?
CWE
  • n/a
Summary
Mautic 2.6.1 and earlier fails to set flags on session cookies
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:53:06.271Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.trustmatta.com/advisories/MATTA-2017-002.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-05-06T00:00:00",
      "datePublic": "2017-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mautic 2.6.1 and earlier fails to set flags on session cookies"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-13T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.trustmatta.com/advisories/MATTA-2017-002.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-05-06T20:43:28.294226",
          "ID": "CVE-2017-1000046",
          "REQUESTER": "florent.daigniere@trustmatta.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mautic 2.6.1 and earlier fails to set flags on session cookies"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.trustmatta.com/advisories/MATTA-2017-002.txt",
              "refsource": "MISC",
              "url": "https://www.trustmatta.com/advisories/MATTA-2017-002.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000046",
    "datePublished": "2017-07-13T20:00:00",
    "dateReserved": "2017-07-10T00:00:00",
    "dateUpdated": "2024-08-05T21:53:06.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25775 (GCVE-0-2022-25775)
Vulnerability from cvelistv5
Published
2024-09-18 15:01
Modified
2024-09-18 21:30
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 2.14.1   
Version: > 5.0.0   


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mautic",
            "vendor": "mautic",
            "versions": [
              {
                "lessThan": "4.4.12",
                "status": "affected",
                "version": "2.14.1",
                "versionType": "semver"
              },
              {
                "lessThan": "5.0.4",
                "status": "affected",
                "version": "5.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25775",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T17:46:22.968034Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T17:47:36.323Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 4.4.12",
              "status": "affected",
              "version": "\u003e= 2.14.1",
              "versionType": "semver"
            },
            {
              "lessThan": "\u003c 5.0.4",
              "status": "affected",
              "version": "\u003e 5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "a-solovev"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "John Linhart"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Akivarsha Saha"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePrior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\u003c/p\u003e\u003cp\u003eThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.\u003c/p\u003e"
            }
          ],
          "value": "Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\n\nThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-66",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-66 SQL Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:30:23.104Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.4.12 or 5.0.4 or higher."
            }
          ],
          "value": "Update to 4.4.12 or 5.0.4 or higher."
        }
      ],
      "source": {
        "advisory": "GHSA-jj6w-2cqg-7p94",
        "discovery": "EXTERNAL"
      },
      "title": "SQL Injection in dynamic Reports",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2022-25775",
    "datePublished": "2024-09-18T15:01:23.529Z",
    "dateReserved": "2022-02-22T20:17:36.805Z",
    "dateUpdated": "2024-09-18T21:30:23.104Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-1000489 (GCVE-0-2017-1000489)
Vulnerability from cvelistv5
Published
2018-01-03 17:00
Modified
2024-09-17 00:42
Severity ?
CWE
  • n/a
Summary
Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:00:41.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2017-12-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-03T17:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2017-12-29",
          "ID": "CVE-2017-1000489",
          "REQUESTER": "alan.hartless@mautic.com",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/releases/tag/2.12.0",
              "refsource": "CONFIRM",
              "url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-1000489",
    "datePublished": "2018-01-03T17:00:00Z",
    "dateReserved": "2018-01-03T00:00:00Z",
    "dateUpdated": "2024-09-17T00:42:20.126Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27909 (GCVE-0-2021-27909)
Vulnerability from cvelistv5
Published
2021-08-30 16:00
Modified
2024-09-16 20:52
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Summary
For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.
Impacted products
Vendor Product Version
Mautic Mautic Version: unspecified   < 3.3.4
Version: unspecified   < 4.0.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:16.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "3.3.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by https://github.com/ZhenwarX, Fixed by Mohit Aghera https://github.com/mohit-rocks"
        }
      ],
      "datePublic": "2021-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic\u0027s password reset page where a vulnerable parameter, \"bundle,\" in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-30T16:00:10",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"
        }
      ],
      "source": {
        "defect": [
          "MST-16"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "XSS vulnerability on password reset page",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mautic.org",
          "DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
          "ID": "CVE-2021-27909",
          "STATE": "PUBLIC",
          "TITLE": "XSS vulnerability on password reset page"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mautic",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.3.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mautic"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by https://github.com/ZhenwarX, Fixed by Mohit Aghera https://github.com/mohit-rocks"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic\u0027s password reset page where a vulnerable parameter, \"bundle,\" in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc",
              "refsource": "MISC",
              "url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"
            }
          ]
        },
        "source": {
          "defect": [
            "MST-16"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2021-27909",
    "datePublished": "2021-08-30T16:00:10.951539Z",
    "dateReserved": "2021-03-02T00:00:00",
    "dateUpdated": "2024-09-16T20:52:58.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27913 (GCVE-0-2021-27913)
Vulnerability from cvelistv5
Published
2021-08-30 15:55
Modified
2024-09-16 18:08
CWE
  • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Summary
The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control. This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.
Impacted products
Vendor Product Version
Mautic Mautic Version: unspecified   < 3.3.4
Version: unspecified   < 4.0.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:17.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "3.3.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Michael Rowley https://github.com/michaellrowley, Fixed by Mohit Aghera https://github.com/mohit-rocks"
        }
      ],
      "datePublic": "2021-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-30T15:55:21",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"
        }
      ],
      "source": {
        "defect": [
          "MST-18"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Use of a Broken or Risky Cryptographic Algorithm",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mautic.org",
          "DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
          "ID": "CVE-2021-27913",
          "STATE": "PUBLIC",
          "TITLE": "Use of a Broken or Risky Cryptographic Algorithm"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mautic",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.3.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mautic"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by Michael Rowley https://github.com/michaellrowley, Fixed by Mohit Aghera https://github.com/mohit-rocks"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3",
              "refsource": "MISC",
              "url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"
            }
          ]
        },
        "source": {
          "defect": [
            "MST-18"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2021-27913",
    "datePublished": "2021-08-30T15:55:21.646676Z",
    "dateReserved": "2021-03-02T00:00:00",
    "dateUpdated": "2024-09-16T18:08:08.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27916 (GCVE-0-2021-27916)
Vulnerability from cvelistv5
Published
2024-09-17 14:20
Modified
2024-09-18 21:29
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 3.3.0    <= 4.4.11
Version: >= 5.0.0    <= 5.0.3


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-27916",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T15:57:12.983272Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T15:57:32.709Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 4.4.11",
              "status": "affected",
              "version": "\u003e= 3.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "\u003c= 5.0.3",
              "status": "affected",
              "version": "\u003e= 5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mattias Michaux"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Adrian Schimpf"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Avikarsha Saha"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        }
      ],
      "datePublic": "2024-04-12T17:07:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.\u003cbr\u003e\u003cbr\u003eThis vulnerability exists in the implementation of the GrapesJS builder in Mautic.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.\n\nThis vulnerability exists in the implementation of the GrapesJS builder in Mautic."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-139",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-139 Relative Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:29:42.899Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to 4.4.12 or 5.0.4 or higher."
            }
          ],
          "value": "Upgrade to 4.4.12 or 5.0.4 or higher."
        }
      ],
      "source": {
        "advisory": "GHSA-9fcx-cv56-w58p",
        "discovery": "USER"
      },
      "title": "Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2021-27916",
    "datePublished": "2024-09-17T14:20:03.550Z",
    "dateReserved": "2021-03-02T15:53:50.859Z",
    "dateUpdated": "2024-09-18T21:29:42.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47057 (GCVE-0-2024-47057)
Vulnerability from cvelistv5
Published
2025-05-28 17:23
Modified
2025-05-29 18:59
CWE
Summary
Summary: This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the "Forget your password" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack. Mitigation: Please update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence.
Impacted products
Vendor Product Version
Mautic Mautic Version: > 1.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47057",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-29T18:58:43.813621Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-29T18:59:24.381Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 6.0.2, \u003c 5.2.6, \u003c 4.4.16",
              "status": "affected",
              "version": "\u003e 1.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Tomasz Kowalczyk"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Patryk Gruszka"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Nick Vanpraet"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Tomasz Kowalczyk"
        }
      ],
      "datePublic": "2025-05-28T16:13:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch3\u003eSummary\u003c/h3\u003e\u003cp\u003eThis advisory addresses a security vulnerability in Mautic related to the \"Forget your password\" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.\u003c/p\u003e\u003cp\u003eUser Enumeration via Timing Attack: A user enumeration vulnerability exists in the \"Forget your password\" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.\u003c/p\u003e\u003ch3\u003eMitigation\u003c/h3\u003e\u003cp\u003ePlease update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "SummaryThis advisory addresses a security vulnerability in Mautic related to the \"Forget your password\" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.\n\nUser Enumeration via Timing Attack: A user enumeration vulnerability exists in the \"Forget your password\" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.\n\nMitigationPlease update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-112",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-112 Brute Force"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-203",
              "description": "CWE-203 Observable Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T17:36:36.493Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p"
        }
      ],
      "source": {
        "advisory": "GHSA-424x-cxvh-wq9p",
        "discovery": "UNKNOWN"
      },
      "title": "User name enumeration possible due to response time difference on password reset form",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2024-47057",
    "datePublished": "2025-05-28T17:23:53.064Z",
    "dateReserved": "2024-09-17T13:41:00.585Z",
    "dateUpdated": "2025-05-29T18:59:24.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-35129 (GCVE-0-2020-35129)
Vulnerability from cvelistv5
Published
2021-01-19 13:05
Modified
2024-08-04 16:55
Severity ?
CWE
  • n/a
Summary
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:55:10.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://forum.mautic.org/c/announcements/16"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user\u2019s behalf, including changing the user\u2019s password or email address or changing the attacker\u2019s user role from a low-privileged user to an administrator account."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-19T13:05:32",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://forum.mautic.org/c/announcements/16"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35129",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user\u2019s behalf, including changing the user\u2019s password or email address or changing the attacker\u2019s user role from a low-privileged user to an administrator account."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://forum.mautic.org/c/announcements/16",
              "refsource": "MISC",
              "url": "https://forum.mautic.org/c/announcements/16"
            },
            {
              "name": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2",
              "refsource": "MISC",
              "url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35129",
    "datePublished": "2021-01-19T13:05:32",
    "dateReserved": "2020-12-11T00:00:00",
    "dateUpdated": "2024-08-04T16:55:10.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25768 (GCVE-0-2022-25768)
Vulnerability from cvelistv5
Published
2024-09-18 20:55
Modified
2024-09-19 15:42
CWE
  • CWE-287 - Improper Authentication
Summary
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 1.1.3   
Version: >= 5.0.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25768",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T15:42:37.075391Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T15:42:44.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 4.4.13",
              "status": "affected",
              "version": "\u003e= 1.1.3",
              "versionType": "semver"
            },
            {
              "lessThan": "\u003c 5.1.1",
              "status": "affected",
              "version": "\u003e= 5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mattias Michaux"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Patryk Gruszka"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        }
      ],
      "datePublic": "2024-09-18T17:43:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.\u003c/p\u003e"
            }
          ],
          "value": "The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-1",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T20:55:53.187Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.4.13 or 5.1.1 or higher."
            }
          ],
          "value": "Update to 4.4.13 or 5.1.1 or higher."
        }
      ],
      "source": {
        "advisory": "GHSA-x3jx-5w6m-q2fc",
        "discovery": "USER"
      },
      "title": "Improper Access Control in UI upgrade process",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2022-25768",
    "datePublished": "2024-09-18T20:55:53.187Z",
    "dateReserved": "2022-02-22T20:17:36.803Z",
    "dateUpdated": "2024-09-19T15:42:44.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25769 (GCVE-0-2022-25769)
Vulnerability from cvelistv5
Published
2024-09-18 14:47
Modified
2024-09-18 21:28
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Summary
Impact: The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.
Impacted products
Vendor Product Version
Mautic Mautic Version: < 3.3.5   
Version: < 4.2.0   


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mautic",
            "vendor": "mautic",
            "versions": [
              {
                "lessThan": "3.3.5",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25769",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T18:10:59.918348Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T18:12:16.003Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.3.5",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "\u003c 4.2.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mattias Michaux"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Mattias Michaux"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Zdeno Kuzmany"
        }
      ],
      "datePublic": "2022-03-02T14:47:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch2\u003eImpact\u003c/h2\u003eThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\u003cbr\u003e\u003cbr\u003eThis logic isn\u0027t correct, as the regex in the second FilesMatch only checks the filename, not the full path."
            }
          ],
          "value": "ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\n\nThis logic isn\u0027t correct, as the regex in the second FilesMatch only checks the filename, not the full path."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:28:12.305Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56"
        },
        {
          "url": "https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade to 3.3.5 or 4.2.0. \u003cbr\u003e\u003cbr\u003eIf you\u0027re using Mautic in a sub-folder with Apache \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e(e.g. example.com/mautic)\u003c/span\u003e, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eplease review the guidance in \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/mautic/mautic/issues/10913#issuecomment-1055681986\"\u003ethis GitHub issue\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;before updating, as you will probably need to make some changes to the .htaccess file after you update.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Upgrade to 3.3.5 or 4.2.0. \n\nIf you\u0027re using Mautic in a sub-folder with Apache (e.g. example.com/mautic), please review the guidance in  this GitHub issue https://github.com/mautic/mautic/issues/10913#issuecomment-1055681986 \u00a0before updating, as you will probably need to make some changes to the .htaccess file after you update."
        }
      ],
      "source": {
        "advisory": "GHSA-mj6m-246h-9w56",
        "discovery": "UNKNOWN"
      },
      "title": "Improper regex in htaccess file",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2022-25769",
    "datePublished": "2024-09-18T14:47:09.029Z",
    "dateReserved": "2022-02-22T20:17:36.804Z",
    "dateUpdated": "2024-09-18T21:28:12.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27914 (GCVE-0-2021-27914)
Vulnerability from cvelistv5
Published
2022-06-01 15:20
Modified
2024-08-03 21:33
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Summary
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable JavaScript.
Impacted products
Vendor Product Version
Mautic Mautic Version: unspecified   < 4.3.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:17.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "4.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Mattias Michaux, Dropsolid"
        },
        {
          "lang": "en",
          "value": "Fixed by Mattias Michaux, Dropsolid"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-01T15:20:10",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@mautic.org",
          "ID": "CVE-2021-27914",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Mautic",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Mautic"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by Mattias Michaux, Dropsolid"
          },
          {
            "lang": "eng",
            "value": "Fixed by Mattias Michaux, Dropsolid"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3",
              "refsource": "MISC",
              "url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2021-27914",
    "datePublished": "2022-06-01T15:20:10",
    "dateReserved": "2021-03-02T00:00:00",
    "dateUpdated": "2024-08-03T21:33:17.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25772 (GCVE-0-2022-25772)
Vulnerability from cvelistv5
Published
2022-06-20 00:00
Modified
2024-08-03 04:49
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Summary
A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable JavaScript.
Impacted products
Vendor Product Version
Mautic Mautic Version: unspecified   < 4.3.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:49:44.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "4.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Mattias Michaux, Dropsolid"
        },
        {
          "lang": "en",
          "value": "Fixed by Mattias Michaux, Dropsolid"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T00:00:00",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332"
        },
        {
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2022-25772",
    "datePublished": "2022-06-20T00:00:00",
    "dateReserved": "2022-02-22T00:00:00",
    "dateUpdated": "2024-08-03T04:49:44.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3448 (GCVE-0-2024-3448)
Vulnerability from cvelistv5
Published
2024-04-10 13:59
Modified
2024-08-01 20:12
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end, allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.
Impacted products
Vendor Product Version
Mautic Mautic Version: 0   ≤ 4.4.9


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mautic",
            "vendor": "mautic",
            "versions": [
              {
                "lessThanOrEqual": "4.4.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3448",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-11T17:28:32.074277Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-03T18:20:01.583Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:12:07.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Mautic",
          "programFiles": [
            "https://github.com/mautic/mautic/blob/4.4.9/plugins/MauticFocusBundle/Controller/AjaxController.php#L17"
          ],
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThanOrEqual": "4.4.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ZHAW Information Security Research Group"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eUsers with low privileges can perform certain AJAX actions.  In this vulnerability instance, improper access to \u003ctt\u003eajax?action=plugin:focus:checkIframeAvailability\u003c/tt\u003e leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Users with low privileges can perform certain AJAX actions.  In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-10T13:59:46.536Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "tags": [
            "exploit"
          ],
          "url": "https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Improper Access Control Leads to Server-Side Request Forgery in Mautic",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2024-3448",
    "datePublished": "2024-04-10T13:59:46.536Z",
    "dateReserved": "2024-04-08T08:27:37.805Z",
    "dateUpdated": "2024-08-01T20:12:07.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27917 (GCVE-0-2021-27917)
Vulnerability from cvelistv5
Published
2024-09-18 21:09
Modified
2024-09-19 15:40
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 1.0.0-beta4   
Version: >= 5.0.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-27917",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T15:40:34.799089Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T15:40:48.121Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 4.4.13",
              "status": "affected",
              "version": "\u003e= 1.0.0-beta4",
              "versionType": "semver"
            },
            {
              "lessThan": "\u003c 5.1.1",
              "status": "affected",
              "version": "\u003e= 5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Patryk Gruszka"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        }
      ],
      "datePublic": "2024-09-18T20:35:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.\u003cbr\u003e"
            }
          ],
          "value": "Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:09:09.987Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.4.13 or 5.1.1 or later."
            }
          ],
          "value": "Update to 4.4.13 or 5.1.1 or later."
        }
      ],
      "source": {
        "advisory": "GHSA-xpc5-rr39-v8v2",
        "discovery": "USER"
      },
      "title": "XSS in contact tracking and page hits report",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2021-27917",
    "datePublished": "2024-09-18T21:09:09.987Z",
    "dateReserved": "2021-03-02T15:53:50.859Z",
    "dateUpdated": "2024-09-19T15:40:48.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-25777 (GCVE-0-2022-25777)
Vulnerability from cvelistv5
Published
2024-09-18 15:13
Modified
2024-09-18 21:32
CWE
  • CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 1.0.0-beta4   
Version: > 5.0.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-25777",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T17:16:39.934782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T17:17:51.907Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 4.4.12",
              "status": "affected",
              "version": "\u003e= 1.0.0-beta4",
              "versionType": "semver"
            },
            {
              "lessThan": "\u003c 5.0.4",
              "status": "affected",
              "version": "\u003e 5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "a-solovev"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "John Linhart"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Avikarsha Shah"
        }
      ],
      "datePublic": "2024-04-12T09:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePrior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-664",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-664 Server Side Request Forgery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T21:32:05.348Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Please update to 4.4.12 or 5.0.4 or later."
            }
          ],
          "value": "Please update to 4.4.12 or 5.0.4 or later."
        }
      ],
      "source": {
        "advisory": "GHSA-mgv8-w49f-822w",
        "discovery": "EXTERNAL"
      },
      "title": "Server-Side Request Forgery in Asset section",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2022-25777",
    "datePublished": "2024-09-18T15:13:52.308Z",
    "dateReserved": "2022-02-22T20:17:36.805Z",
    "dateUpdated": "2024-09-18T21:32:05.348Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-8092 (GCVE-0-2018-8092)
Vulnerability from cvelistv5
Published
2018-04-18 08:00
Modified
2024-08-05 06:46
Severity ?
CWE
  • n/a
Summary
Mautic before 2.13.0 allows CSV injection.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:12.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mautic before 2.13.0 allows CSV injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-18T07:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-8092",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mautic before 2.13.0 allows CSV injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/releases/tag/2.13.0",
              "refsource": "MISC",
              "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-8092",
    "datePublished": "2018-04-18T08:00:00",
    "dateReserved": "2018-03-13T00:00:00",
    "dateUpdated": "2024-08-05T06:46:12.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27915 (GCVE-0-2021-27915)
Vulnerability from cvelistv5
Published
2024-09-17 14:02
Modified
2024-09-17 16:01
CWE
Summary
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.
Impacted products
Vendor Product Version
Mautic Mautic Version: >= 1.0.0-beta2    <= 4.4.11


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mautic",
            "vendor": "mautic",
            "versions": [
              {
                "lessThanOrEqual": "4.4.11",
                "status": "affected",
                "version": "1.0.0-beta2",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-27915",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-17T15:59:08.355119Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T16:01:29.250Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core-lib",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 4.4.11",
              "status": "affected",
              "version": "\u003e= 1.0.0-beta2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Lenon Leite"
        }
      ],
      "datePublic": "2024-04-11T09:36:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis could lead to the user having elevated access to the system.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\n\nThis could lead to the user having elevated access to the system."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-17T14:02:09.969Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 4.4.12 or later."
            }
          ],
          "value": "Update to 4.4.12 or later."
        }
      ],
      "source": {
        "advisory": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2",
        "discovery": "INTERNAL"
      },
      "title": "XSS Cross-site Scripting Stored (XSS) - Description field",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2021-27915",
    "datePublished": "2024-09-17T14:02:09.969Z",
    "dateReserved": "2021-03-02T15:53:50.859Z",
    "dateUpdated": "2024-09-17T16:01:29.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2730 (GCVE-0-2024-2730)
Vulnerability from cvelistv5
Published
2024-04-10 13:59
Modified
2024-08-09 16:22
CWE
  • CWE-425 - Direct Request ('Forced Browsing')
Summary
Mautic uses predictable page indices for unpublished landing pages; their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE no patch is available.
Impacted products
Vendor Product Version
Mautic Mautic Version: 0 <= 4.4.9


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:25:40.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/cd3321a4-9ebc-48fa-8d4c-b5720089c2d9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "mautic",
            "vendor": "mautic",
            "versions": [
              {
                "lessThanOrEqual": "4.4.9",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2730",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-09T16:20:19.216386Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T16:22:51.017Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Mautic",
          "programFiles": [
            "https://github.com/mautic/mautic/blob/4.4.9/app/bundles/PageBundle/Controller/PageController.php#L331"
          ],
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThanOrEqual": "4.4.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ZHAW Information Security Research Group"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e\u003cdiv\u003eMautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available \u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
            }
          ],
          "value": "Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available \n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-87",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-87 Forceful Browsing"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-425",
              "description": "CWE-425 Direct Request (\u0027Forced Browsing\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-10T13:59:36.195Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "tags": [
            "exploit"
          ],
          "url": "https://huntr.com/bounties/cd3321a4-9ebc-48fa-8d4c-b5720089c2d9"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2024-2730",
    "datePublished": "2024-04-10T13:59:36.195Z",
    "dateReserved": "2024-03-20T13:04:41.496Z",
    "dateUpdated": "2024-08-09T16:22:51.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2731 (GCVE-0-2024-2731)
Vulnerability from cvelistv5
Published
2024-04-10 13:59
Modified
2024-08-01 19:25
CWE
  • CWE-284 - Improper Access Control
Summary
Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.
Impacted products
Vendor Product Version
Mautic Mautic Version: 0 <= 4.4.9


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:acquia:mautic:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "mautic",
            "vendor": "acquia",
            "versions": [
              {
                "lessThanOrEqual": "4.4.9",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2731",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-03T15:34:06.551178Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-03T18:09:08.504Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:25:41.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Mautic",
          "programFiles": [
            "https://github.com/mautic/mautic/blob/fcc9051a74c16c333aa37dc282669b0ba7a27b8b/app/bundles/LeadBundle/Form/Type/CompanyMergeType.php#L41",
            "https://github.com/mautic/mautic/blob/fcc9051a74c16c333aa37dc282669b0ba7a27b8b/app/bundles/LeadBundle/Controller/LeadController.php#L1923",
            "https://github.com/mautic/mautic/blob/fcc9051a74c16c333aa37dc282669b0ba7a27b8b/app/bundles/LeadBundle/Controller/LeadController.php#L278"
          ],
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThanOrEqual": "4.4.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ZHAW Information Security Research Group"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eUsers with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users\u0027 names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.\u003cbr\u003e\u003c/div\u003e"
            }
          ],
          "value": "Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users\u0027 names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-10T13:59:41.407Z",
        "orgId": "455daabc-a392-441d-aa46-37d35189897c",
        "shortName": "NCSC.ch"
      },
      "references": [
        {
          "tags": [
            "exploit"
          ],
          "url": "https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
    "assignerShortName": "NCSC.ch",
    "cveId": "CVE-2024-2731",
    "datePublished": "2024-04-10T13:59:41.407Z",
    "dateReserved": "2024-03-20T13:04:47.309Z",
    "dateUpdated": "2024-08-01T19:25:41.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47056 (GCVE-0-2024-47056)
Vulnerability from cvelistv5
Published
2025-05-28 16:24
Modified
2025-05-28 23:47
CWE
  • CWE-312 - Cleartext Storage of Sensitive Information
Summary
This advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations.

Sensitive Information Disclosure via .env File Exposure: The .env file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. This allows an unauthenticated attacker to view the contents of this file by simply navigating to its URL.

Mitigation

Update Mautic to the latest Mautic version.

By default, Mautic does not use .env files for production data.

For Apache users: Ensure your web server is configured to respect .htaccess files.

For Nginx users: As Nginx does not inherently support .htaccess files, you must manually add a configuration block to your Nginx server configuration to deny access to .env files. Add the following to your Nginx configuration for the Mautic site:

    location ~ /\.env {
        deny all;
    }

After modifying your Nginx configuration, remember to reload or restart your Nginx service for the changes to take effect.
Impacted products
Vendor Product Version
Mautic Mautic Version: > 4.4.0   


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47056",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-28T23:45:38.445428Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-28T23:47:09.780Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "packageName": "mautic/core",
          "product": "Mautic",
          "repo": "https://github.com/mautic/mautic",
          "vendor": "Mautic",
          "versions": [
            {
              "lessThan": "\u003c 6.0.2, \u003c 5.2.6, \u003c4.4.16",
              "status": "affected",
              "version": "\u003e 4.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "r3ky"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "r3ky"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "Lenon Leite"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Nick Vanpraet"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Patryk Gruszka"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003ch3\u003eSummary\u003c/h3\u003e\u003cp\u003eThis advisory addresses a security vulnerability in Mautic where sensitive \u003ccode\u003e.env\u003c/code\u003e\u0026nbsp;configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations.\u003c/p\u003e\u003cp\u003eSensitive Information Disclosure via \u003ccode\u003e.env\u003c/code\u003e\u0026nbsp;File Exposure: The \u003ccode\u003e.env\u003c/code\u003e\u0026nbsp;file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. This allows an unauthenticated attacker to view the contents of this file by simply navigating to its URL.\u003c/p\u003e\u003ch3\u003eMitigation\u003c/h3\u003e\u003cp\u003eUpdate Mautic to the latest Mautic version.\u003c/p\u003e\u003cp\u003e\u003cb\u003eBy default, Mautic does not use \u003c/b\u003e\u003ccode\u003e\u003cb\u003e.env\u003c/b\u003e\u003c/code\u003e\u003cb\u003e\u0026nbsp;files for production data.\u003c/b\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor Apache users:\u003c/strong\u003e\u0026nbsp;Ensure your web server is configured to respect \u003ccode\u003e.htaccess\u003c/code\u003e\u0026nbsp;files.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFor Nginx users:\u003c/strong\u003e\u0026nbsp;As Nginx does not inherently support \u003ccode\u003e.htaccess\u003c/code\u003e\u0026nbsp;files, you must manually add a configuration block to your Nginx server configuration to deny access to \u003ccode\u003e.env\u003c/code\u003e\u0026nbsp;files. 
Add the following to your Nginx configuration for the Mautic site:\u003c/p\u003e\u003cdiv\u003e\u003cpre\u003elocation ~ /\\.env {\n    deny all;\n}\u003c/pre\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003cp\u003eAfter modifying your Nginx configuration, remember to reload or restart your Nginx service for the changes to take effect.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "SummaryThis advisory addresses a security vulnerability in Mautic where sensitive .env\u00a0configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations.\n\nSensitive Information Disclosure via .env\u00a0File Exposure: The .env\u00a0file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. This allows an unauthenticated attacker to view the contents of this file by simply navigating to its URL.\n\nMitigationUpdate Mautic to the latest Mautic version.\n\nBy default, Mautic does not use .env\u00a0files for production data.\n\nFor Apache users:\u00a0Ensure your web server is configured to respect .htaccess\u00a0files.\n\nFor Nginx users:\u00a0As Nginx does not inherently support .htaccess\u00a0files, you must manually add a configuration block to your Nginx server configuration to deny access to .env\u00a0files. Add the following to your Nginx configuration for the Mautic site:\n\nlocation ~ /\\.env {\n    deny all;\n}\n\n\n\n\n\nAfter modifying your Nginx configuration, remember to reload or restart your Nginx service for the changes to take effect."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312 Cleartext Storage of Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-28T16:24:57.162Z",
        "orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
        "shortName": "Mautic"
      },
      "references": [
        {
          "url": "https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh"
        }
      ],
      "source": {
        "advisory": "GHSA-h2wg-v8wg-jhxh",
        "discovery": "EXTERNAL"
      },
      "title": "Mautic does not shield .env files from web traffic",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
    "assignerShortName": "Mautic",
    "cveId": "CVE-2024-47056",
    "datePublished": "2025-05-28T16:24:57.162Z",
    "dateReserved": "2024-09-17T13:41:00.584Z",
    "dateUpdated": "2025-05-28T23:47:09.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-8071 (GCVE-0-2018-8071)
Vulnerability from cvelistv5
Published
2018-04-18 08:00
Modified
2024-08-05 06:46
Severity ?
CWE
  • n/a
Summary
Mautic before v2.13.0 has stored XSS via a theme config file.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:12.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mautic before v2.13.0 has stored XSS via a theme config file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-18T07:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-8071",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Mautic before v2.13.0 has stored XSS via a theme config file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/mautic/mautic/releases/tag/2.13.0",
              "refsource": "MISC",
              "url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-8071",
    "datePublished": "2018-04-18T08:00:00",
    "dateReserved": "2018-03-12T00:00:00",
    "dateUpdated": "2024-08-05T06:46:12.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}