Vulnerabilites related to acquia - mautic
CVE-2021-27910 (GCVE-0-2021-27910)
Vulnerability from cvelistv5
Published
2021-08-30 15:55
Modified
2024-09-17 01:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the "error" and "error_related_to" parameters of the POST request (POST /mailer/<product / webhook>/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fixed by Zdeno Kuzmany, Webmecanik"
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the \"error\" and \"error_related_to\" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the \"error\" and \"error_related_to\" parameters of the POST request (POST /mailer/\u003cproduct / webhook\u003e/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T15:55:08",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"
}
],
"source": {
"defect": [
"MST-17"
],
"discovery": "UNKNOWN"
},
"title": "Stored XSS vulnerability on Bounce Management Callback",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
"ID": "CVE-2021-27910",
"STATE": "PUBLIC",
"TITLE": "Stored XSS vulnerability on Bounce Management Callback"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.4"
},
{
"version_affected": "\u003c",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Fixed by Zdeno Kuzmany, Webmecanik"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the \"error\" and \"error_related_to\" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the \"error\" and \"error_related_to\" parameters of the POST request (POST /mailer/\u003cproduct / webhook\u003e/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"
}
]
},
"source": {
"defect": [
"MST-17"
],
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27910",
"datePublished": "2021-08-30T15:55:08.436773Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-17T01:25:50.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47058 (GCVE-0-2024-47058)
Vulnerability from cvelistv5
Published
2024-09-18 21:00
Modified
2024-09-19 15:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:42:03.651742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:42:11.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.13",
"status": "affected",
"version": "\u003e= 1.0.0",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.1.1",
"status": "affected",
"version": "\u003e= 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "MatisAct"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Avikarsha Saha"
}
],
"datePublic": "2024-09-18T20:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user\u0027s current session.\u003cbr\u003e"
}
],
"value": "With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user\u0027s current session."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:00:28.950Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.13 or 5.1.1."
}
],
"value": "Update to 4.4.13 or 5.1.1."
}
],
"source": {
"advisory": "GHSA-xv68-rrmw-9xwf",
"discovery": "UNKNOWN"
},
"title": "Cross-site Scripting (XSS) - stored (edit form HTML field)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2024-47058",
"datePublished": "2024-09-18T21:00:28.950Z",
"dateReserved": "2024-09-17T13:41:00.585Z",
"dateUpdated": "2024-09-19T15:42:11.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27908 (GCVE-0-2021-27908)
Vulnerability from cvelistv5
Published
2021-03-23 19:11
Modified
2024-09-16 16:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Petr Gregor, Acquia"
},
{
"lang": "en",
"value": "Fixed by Miroslav Fedeles, Acquia"
}
],
"datePublic": "2021-03-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic\u2019s configuration that are used in publicly facing parts of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T19:11:56",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-03-22T20:15:00.000Z",
"ID": "CVE-2021-27908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.2"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Petr Gregor, Acquia"
},
{
"lang": "eng",
"value": "Fixed by Miroslav Fedeles, Acquia"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic\u2019s configuration that are used in publicly facing parts of the application."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27908",
"datePublished": "2021-03-23T19:11:56.967620Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-16T16:23:48.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25774 (GCVE-0-2022-25774)
Vulnerability from cvelistv5
Published
2024-09-18 14:54
Modified
2024-09-18 21:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.
Users could inject malicious code into the notification when saving Dashboards.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:55:13.111344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:55:21.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"status": "affected",
"version": "\u003c 4.4.12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Vautia"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Zdeno Kuzmany"
},
{
"lang": "en",
"type": "remediation verifier",
"value": "John Linhart"
}
],
"datePublic": "2024-04-12T13:52:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePrior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.\u003c/p\u003e\u003cp\u003eUsers could inject malicious code into the notification when saving Dashboards.\u003c/p\u003e"
}
],
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.\n\nUsers could inject malicious code into the notification when saving Dashboards."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:29:02.453Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.12 or later."
}
],
"value": "Update to 4.4.12 or later."
}
],
"source": {
"advisory": "GHSA-fhcx-f7jg-jx3fv",
"discovery": "EXTERNAL"
},
"title": "XSS in Notifications via saving Dashboards",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25774",
"datePublished": "2024-09-18T14:54:36.249Z",
"dateReserved": "2022-02-22T20:17:36.805Z",
"dateUpdated": "2024-09-18T21:29:02.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25770 (GCVE-0-2022-25770)
Vulnerability from cvelistv5
Published
2024-09-18 21:26
Modified
2024-09-19 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
Mautic allows you to update the application via an upgrade script.
The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.
This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25770",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:47:02.190322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:47:14.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core-lib",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.13",
"status": "affected",
"version": "\u003e= 1.0.0-beta3",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.1.1.",
"status": "affected",
"version": "\u003e= 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Zdeno Kuzmany"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Patryk Gruszka"
}
],
"datePublic": "2024-09-18T20:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mautic allows you to update the application via an upgrade script.\u003cbr\u003e\u003cbr\u003eThe upgrade logic isn\u0027t shielded off correctly, which may lead to vulnerable situation.\u003cbr\u003e\u003cbr\u003eThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.\u003cbr\u003e"
}
],
"value": "Mautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn\u0027t shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:26:34.059Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to 4.4.13 or 5.1.1 or higher."
}
],
"value": "Upgrade to 4.4.13 or 5.1.1 or higher."
}
],
"source": {
"advisory": "GHSA-qf6m-6m4g-rmrc",
"discovery": "INTERNAL"
},
"title": "Insufficient authentication in upgrade flow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25770",
"datePublished": "2024-09-18T21:26:34.059Z",
"dateReserved": "2022-02-22T20:17:36.804Z",
"dateUpdated": "2024-09-19T14:47:14.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27911 (GCVE-0-2021-27911)
Vulnerability from cvelistv5
Published
2021-08-30 15:55
Modified
2024-09-16 22:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact\u0027s first or last name and triggered when viewing a contact\u0027s details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T15:55:12",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"
}
],
"source": {
"defect": [
"MST-15"
],
"discovery": "EXTERNAL"
},
"title": "XSS vulnerability on contacts view",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
"ID": "CVE-2021-27911",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability on contacts view"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.4"
},
{
"version_affected": "\u003c",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact\u0027s first or last name and triggered when viewing a contact\u0027s details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"
}
]
},
"source": {
"defect": [
"MST-15"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27911",
"datePublished": "2021-08-30T15:55:12.869897Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-16T22:30:01.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27912 (GCVE-0-2021-27912)
Vulnerability from cvelistv5
Published
2021-08-30 15:55
Modified
2024-09-16 16:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T15:55:17",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"
}
],
"source": {
"defect": [
"MST-15"
],
"discovery": "EXTERNAL"
},
"title": "XSS vulnerability on asset view",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
"ID": "CVE-2021-27912",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability on asset view"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.4"
},
{
"version_affected": "\u003c",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Hoang Nguyen https://github.com/MatisAct, Fixed by Rohit Pavaskar https://github.com/rohitp19"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"
}
]
},
"source": {
"defect": [
"MST-15"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27912",
"datePublished": "2021-08-30T15:55:17.220890Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-16T16:17:39.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11198 (GCVE-0-2018-11198)
Vulnerability from cvelistv5
Published
2019-09-06 20:15
Modified
2024-08-05 08:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:01:52.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/releases"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.14.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-06T20:15:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/releases"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.14.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/releases",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/releases"
},
{
"name": "https://github.com/mautic/mautic/releases/tag/2.14.0",
"refsource": "CONFIRM",
"url": "https://github.com/mautic/mautic/releases/tag/2.14.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11198",
"datePublished": "2019-09-06T20:15:44",
"dateReserved": "2018-05-16T00:00:00",
"dateUpdated": "2024-08-05T08:01:52.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000488 (GCVE-0-2017-1000488)
Vulnerability from cvelistv5
Published
2018-01-03 16:00
Modified
2024-09-16 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-03T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000488",
"REQUESTER": "alan.hartless@mautic.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/releases/tag/2.12.0",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000488",
"datePublished": "2018-01-03T16:00:00Z",
"dateReserved": "2018-01-03T00:00:00Z",
"dateUpdated": "2024-09-16T23:46:50.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47059 (GCVE-0-2024-47059)
Vulnerability from cvelistv5
Published
2024-09-18 21:19
Modified
2024-09-25 20:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.
However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification.
This difference could be used to perform username enumeration.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mautic",
"vendor": "mautic",
"versions": [
{
"lessThan": "5.1.1",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T20:45:37.083409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T20:46:12.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 5.1.1",
"status": "affected",
"version": "\u003e= 5.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation reviewer",
"value": "Patryk Gruszka"
},
{
"lang": "en",
"type": "remediation verifier",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Tomasz Kowalczyk"
},
{
"lang": "en",
"type": "finder",
"value": "Rafa\u0142 Kami\u0144ski"
}
],
"datePublic": "2024-09-18T20:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.\u003cbr\u003e\u003cbr\u003eHowever when an incorrect username is provided alongside with a weak password, the application responds with \u2019Invalid credentials\u2019 notification.\u003cbr\u003e\u003cbr\u003eThis difference could be used to perform username enumeration."
}
],
"value": "When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.\n\nHowever when an incorrect username is provided alongside with a weak password, the application responds with \u2019Invalid credentials\u2019 notification.\n\nThis difference could be used to perform username enumeration."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575 Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:29:53.542Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-8vff-35qm-qjvv"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 5.1.1 or later."
}
],
"value": "Update to 5.1.1 or later."
}
],
"source": {
"advisory": "GHSA-8vff-35qm-qjvv",
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2024-08-06T13:09:00.000Z",
"value": "Issue reported"
},
{
"lang": "en",
"time": "2024-08-06T13:10:00.000Z",
"value": "Fix proposed"
},
{
"lang": "en",
"time": "2023-09-17T12:23:00.000Z",
"value": "QA passed"
}
],
"title": "Users enumeration - weak password login",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2024-47059",
"datePublished": "2024-09-18T21:19:26.951Z",
"dateReserved": "2024-09-17T13:41:00.585Z",
"dateUpdated": "2024-09-25T20:46:12.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25776 (GCVE-0-2022-25776)
Vulnerability from cvelistv5
Published
2024-09-18 15:06
Modified
2024-09-18 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-276 - Incorrect Default Permissions
Summary
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such as names and surnames, company names and stage names.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T15:58:56.678996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T15:59:05.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.12",
"status": "affected",
"version": "\u003e= 1.0.2",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.0.4",
"status": "affected",
"version": "\u003e5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "infosec-it-init"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Avikarsha Saha"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
}
],
"datePublic": "2024-04-12T17:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePrior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\u003c/p\u003e\u003cp\u003eUsers could potentially access sensitive data such as names and surnames, company names and stage names.\u003c/p\u003e"
}
],
"value": "Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\n\nUsers could potentially access sensitive data such as names and surnames, company names and stage names."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:31:01.738Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.12 or 5.0.4 or later."
}
],
"value": "Update to 4.4.12 or 5.0.4 or later."
}
],
"source": {
"advisory": "GHSA-qjx3-2g35-6hv8",
"discovery": "EXTERNAL"
},
"title": "Sensitive Data Exposure due to inadequate user permission settings",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25776",
"datePublished": "2024-09-18T15:06:54.543Z",
"dateReserved": "2022-02-22T20:17:36.805Z",
"dateUpdated": "2024-09-18T21:31:01.738Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000490 (GCVE-0-2017-1000490)
Vulnerability from cvelistv5
Published
2018-01-03 17:00
Modified
2024-09-16 16:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-03T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000490",
"REQUESTER": "alan.hartless@mautic.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/releases/tag/2.12.0",
"refsource": "CONFIRM",
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000490",
"datePublished": "2018-01-03T17:00:00Z",
"dateReserved": "2018-01-03T00:00:00Z",
"dateUpdated": "2024-09-16T16:47:37.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47050 (GCVE-0-2024-47050)
Vulnerability from cvelistv5
Published
2024-09-18 21:04
Modified
2024-09-19 15:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:41:10.814610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:41:19.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.13",
"status": "affected",
"version": "\u003e= 2.6.0",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.1.1",
"status": "affected",
"version": "\u003e 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mqrtin"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Patryk Gruszka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to this patch being applied, Mautic\u0027s tracking was vulnerable to Cross-Site Scripting through the Page URL variable.\u003cbr\u003e"
}
],
"value": "Prior to this patch being applied, Mautic\u0027s tracking was vulnerable to Cross-Site Scripting through the Page URL variable."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:04:46.642Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.13 or 5.1.1 or higher."
}
],
"value": "Update to 4.4.13 or 5.1.1 or higher."
}
],
"source": {
"advisory": "GHSA-73gr-32wg-qhh7",
"discovery": "EXTERNAL"
},
"title": "XSS in contact/company tracking (no authentication)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2024-47050",
"datePublished": "2024-09-18T21:04:46.642Z",
"dateReserved": "2024-09-17T13:41:00.584Z",
"dateUpdated": "2024-09-19T15:41:19.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25775 (GCVE-0-2022-25775)
Vulnerability from cvelistv5
Published
2024-09-18 15:01
Modified
2024-09-18 21:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.
The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mautic",
"vendor": "mautic",
"versions": [
{
"lessThan": "4.4.12",
"status": "affected",
"version": "2.14.1",
"versionType": "semver"
},
{
"lessThan": "5.0.4",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:46:22.968034Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:47:36.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.12",
"status": "affected",
"version": "\u003e= 2.14.1",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.0.4",
"status": "affected",
"version": "\u003e 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "a-solovev"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation developer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Akivarsha Saha"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePrior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\u003c/p\u003e\u003cp\u003eThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.\u003c/p\u003e"
}
],
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\n\nThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:30:23.104Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.12 or 5.0.4 or higher."
}
],
"value": "Update to 4.4.12 or 5.0.4 or higher."
}
],
"source": {
"advisory": "GHSA-jj6w-2cqg-7p94",
"discovery": "EXTERNAL"
},
"title": "SQL Injection in dynamic Reports",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25775",
"datePublished": "2024-09-18T15:01:23.529Z",
"dateReserved": "2022-02-22T20:17:36.805Z",
"dateUpdated": "2024-09-18T21:30:23.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35125 (GCVE-0-2020-35125)
Vulnerability from cvelistv5
Published
2021-02-09 21:39
Modified
2024-08-04 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-09T21:39:33",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.mautic.org/c/announcements/16",
"refsource": "MISC",
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"name": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4",
"refsource": "MISC",
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"name": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce",
"refsource": "MISC",
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35125",
"datePublished": "2021-02-09T21:39:33",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000489 (GCVE-0-2017-1000489)
Vulnerability from cvelistv5
Published
2018-01-03 17:00
Modified
2024-09-17 00:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-03T17:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-12-29",
"ID": "CVE-2017-1000489",
"REQUESTER": "alan.hartless@mautic.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/releases/tag/2.12.0",
"refsource": "CONFIRM",
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000489",
"datePublished": "2018-01-03T17:00:00Z",
"dateReserved": "2018-01-03T00:00:00Z",
"dateUpdated": "2024-09-17T00:42:20.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27909 (GCVE-0-2021-27909)
Vulnerability from cvelistv5
Published
2021-08-30 16:00
Modified
2024-09-16 20:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by https://github.com/ZhenwarX, Fixed by Mohit Aghera https://github.com/mohit-rocks"
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic\u0027s password reset page where a vulnerable parameter, \"bundle,\" in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T16:00:10",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"
}
],
"source": {
"defect": [
"MST-16"
],
"discovery": "EXTERNAL"
},
"title": "XSS vulnerability on password reset page",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
"ID": "CVE-2021-27909",
"STATE": "PUBLIC",
"TITLE": "XSS vulnerability on password reset page"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.4"
},
{
"version_affected": "\u003c",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by https://github.com/ZhenwarX, Fixed by Mohit Aghera https://github.com/mohit-rocks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic\u0027s password reset page where a vulnerable parameter, \"bundle,\" in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"
}
]
},
"source": {
"defect": [
"MST-16"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27909",
"datePublished": "2021-08-30T16:00:10.951539Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-16T20:52:58.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27913 (GCVE-0-2021-27913)
Vulnerability from cvelistv5
Published
2021-08-30 15:55
Modified
2024-09-16 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Summary
The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "3.3.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "4.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Michael Rowley https://github.com/michaellrowley, Fixed by Mohit Aghera https://github.com/mohit-rocks"
}
],
"datePublic": "2021-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-30T15:55:21",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"
}
],
"source": {
"defect": [
"MST-18"
],
"discovery": "EXTERNAL"
},
"title": "Use of a Broken or Risky Cryptographic Algorithm",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"DATE_PUBLIC": "2021-08-30T14:06:00.000Z",
"ID": "CVE-2021-27913",
"STATE": "PUBLIC",
"TITLE": "Use of a Broken or Risky Cryptographic Algorithm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.3.4"
},
{
"version_affected": "\u003c",
"version_value": "4.0.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Michael Rowley https://github.com/michaellrowley, Fixed by Mohit Aghera https://github.com/mohit-rocks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"
}
]
},
"source": {
"defect": [
"MST-18"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27913",
"datePublished": "2021-08-30T15:55:21.646676Z",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-09-16T18:08:08.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27916 (GCVE-0-2021-27916)
Vulnerability from cvelistv5
Published
2024-09-17 14:20
Modified
2024-09-18 21:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.
This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:57:12.983272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T15:57:32.709Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThanOrEqual": "\u003c= 4.4.11",
"status": "affected",
"version": "\u003e= 3.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c= 5.0.3",
"status": "affected",
"version": "\u003e= 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Adrian Schimpf"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Avikarsha Saha"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
}
],
"datePublic": "2024-04-12T17:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.\u003cbr\u003e\u003cbr\u003eThis vulnerability exists in the implementation of the GrapesJS builder in Mautic.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.\n\nThis vulnerability exists in the implementation of the GrapesJS builder in Mautic."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:29:42.899Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to 4.4.12 or 5.0.4 or higher."
}
],
"value": "Upgrade to 4.4.12 or 5.0.4 or higher."
}
],
"source": {
"advisory": "GHSA-9fcx-cv56-w58p",
"discovery": "USER"
},
"title": "Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27916",
"datePublished": "2024-09-17T14:20:03.550Z",
"dateReserved": "2021-03-02T15:53:50.859Z",
"dateUpdated": "2024-09-18T21:29:42.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25768 (GCVE-0-2022-25768)
Vulnerability from cvelistv5
Published
2024-09-18 20:55
Modified
2024-09-19 15:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:42:37.075391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:42:44.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.13",
"status": "affected",
"version": "\u003e= 1.1.3",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.1.1",
"status": "affected",
"version": "\u003e= 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Patryk Gruszka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
}
],
"datePublic": "2024-09-18T17:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.\u003c/p\u003e"
}
],
"value": "The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T20:55:53.187Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.13 or 5.1.1 or higher."
}
],
"value": "Update to 4.4.13 or 5.1.1 or higher."
}
],
"source": {
"advisory": "GHSA-x3jx-5w6m-q2fc",
"discovery": "USER"
},
"title": "Improper Access Control in UI upgrade process",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25768",
"datePublished": "2024-09-18T20:55:53.187Z",
"dateReserved": "2022-02-22T20:17:36.803Z",
"dateUpdated": "2024-09-19T15:42:44.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-11200 (GCVE-0-2018-11200)
Vulnerability from cvelistv5
Published
2019-09-20 17:59
Modified
2024-08-05 08:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:01:52.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.14.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-20T17:59:50",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.14.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/releases/tag/2.14.0",
"refsource": "CONFIRM",
"url": "https://github.com/mautic/mautic/releases/tag/2.14.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-11200",
"datePublished": "2019-09-20T17:59:50",
"dateReserved": "2018-05-16T00:00:00",
"dateUpdated": "2024-08-05T08:01:52.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35124 (GCVE-0-2020-35124)
Vulnerability from cvelistv5
Published
2021-01-28 05:37
Modified
2024-08-04 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-28T05:37:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.mautic.org/c/announcements/16",
"refsource": "MISC",
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"name": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4",
"refsource": "MISC",
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"name": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce",
"refsource": "MISC",
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35124",
"datePublished": "2021-01-28T05:37:56",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25769 (GCVE-0-2022-25769)
Vulnerability from cvelistv5
Published
2024-09-18 14:47
Modified
2024-09-18 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Summary
ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.
This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mautic",
"vendor": "mautic",
"versions": [
{
"lessThan": "3.3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25769",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:10:59.918348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:12:16.003Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.5",
"versionType": "semver"
},
{
"status": "affected",
"version": "\u003c 4.2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Mattias Michaux"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Zdeno Kuzmany"
}
],
"datePublic": "2022-03-02T14:47:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ch2\u003eImpact\u003c/h2\u003eThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\u003cbr\u003e\u003cbr\u003eThis logic isn\u0027t correct, as the regex in the second FilesMatch only checks the filename, not the full path."
}
],
"value": "ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\n\nThis logic isn\u0027t correct, as the regex in the second FilesMatch only checks the filename, not the full path."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:28:12.305Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56"
},
{
"url": "https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to 3.3.5 or 4.2.0. \u003cbr\u003e\u003cbr\u003eIf you\u0027re using Mautic in a sub-folder with Apache \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e(e.g. example.com/mautic)\u003c/span\u003e, \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eplease review the guidance in \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/mautic/mautic/issues/10913#issuecomment-1055681986\"\u003ethis GitHub issue\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;before updating, as you will probably need to make some changes to the .htaccess file after you update.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to 3.3.5 or 4.2.0. \n\nIf you\u0027re using Mautic in a sub-folder with Apache (e.g. example.com/mautic), please review the guidance in this GitHub issue https://github.com/mautic/mautic/issues/10913#issuecomment-1055681986 \u00a0before updating, as you will probably need to make some changes to the .htaccess file after you update."
}
],
"source": {
"advisory": "GHSA-mj6m-246h-9w56",
"discovery": "UNKNOWN"
},
"title": "Improper regex in htaccess file",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25769",
"datePublished": "2024-09-18T14:47:09.029Z",
"dateReserved": "2022-02-22T20:17:36.804Z",
"dateUpdated": "2024-09-18T21:28:12.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27914 (GCVE-0-2021-27914)
Vulnerability from cvelistv5
Published
2022-06-01 15:20
Modified
2024-08-03 21:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "4.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Mattias Michaux, Dropsolid"
},
{
"lang": "en",
"value": "Fixed by Mattias Michaux, Dropsolid"
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T15:20:10",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mautic.org",
"ID": "CVE-2021-27914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mautic",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.3.0"
}
]
}
}
]
},
"vendor_name": "Mautic"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Mattias Michaux, Dropsolid"
},
{
"lang": "eng",
"value": "Fixed by Mattias Michaux, Dropsolid"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27914",
"datePublished": "2022-06-01T15:20:10",
"dateReserved": "2021-03-02T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35128 (GCVE-0-2020-35128)
Vulnerability from cvelistv5
Published
2021-01-19 13:08
Modified
2024-08-04 16:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:55:10.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-22T02:31:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.mautic.org/c/announcements/16",
"refsource": "MISC",
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"name": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2",
"refsource": "MISC",
"url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
},
{
"name": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786",
"refsource": "CONFIRM",
"url": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35128",
"datePublished": "2021-01-19T13:08:02",
"dateReserved": "2020-12-11T00:00:00",
"dateUpdated": "2024-08-04T16:55:10.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25772 (GCVE-0-2022-25772)
Vulnerability from cvelistv5
Published
2022-06-20 00:00
Modified
2024-08-03 04:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:44.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "4.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Mattias Michaux, Dropsolid"
},
{
"lang": "en",
"value": "Fixed by Mattias Michaux, Dropsolid"
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T00:00:00",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332"
},
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25772",
"datePublished": "2022-06-20T00:00:00",
"dateReserved": "2022-02-22T00:00:00",
"dateUpdated": "2024-08-03T04:49:44.197Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27917 (GCVE-0-2021-27917)
Vulnerability from cvelistv5
Published
2024-09-18 21:09
Modified
2024-09-19 15:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:40:34.799089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:40:48.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.13",
"status": "affected",
"version": "\u003e= 1.0.0-beta4",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.1.1",
"status": "affected",
"version": "\u003e= 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Patryk Gruszka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
}
],
"datePublic": "2024-09-18T20:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.\u003cbr\u003e"
}
],
"value": "Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:09:09.987Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.13 or 5.1.1 or later."
}
],
"value": "Update to 4.4.13 or 5.1.1 or later."
}
],
"source": {
"advisory": "GHSA-xpc5-rr39-v8v2",
"discovery": "USER"
},
"title": "XSS in contact tracking and page hits report",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27917",
"datePublished": "2024-09-18T21:09:09.987Z",
"dateReserved": "2021-03-02T15:53:50.859Z",
"dateUpdated": "2024-09-19T15:40:48.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25777 (GCVE-0-2022-25777)
Vulnerability from cvelistv5
Published
2024-09-18 15:13
Modified
2024-09-18 21:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T17:16:39.934782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:17:51.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThan": "\u003c 4.4.12",
"status": "affected",
"version": "\u003e= 1.0.0-beta4",
"versionType": "semver"
},
{
"lessThan": "\u003c 5.0.4",
"status": "affected",
"version": "\u003e 5.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "a-solovev"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "John Linhart"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Avikarsha Shah"
}
],
"datePublic": "2024-04-12T09:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePrior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.\u003c/p\u003e"
}
],
"value": "Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T21:32:05.348Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Please update to 4.4.12 or 5.0.4 or later."
}
],
"value": "Please update to 4.4.12 or 5.0.4 or later."
}
],
"source": {
"advisory": "GHSA-mgv8-w49f-822w",
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery in Asset section",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2022-25777",
"datePublished": "2024-09-18T15:13:52.308Z",
"dateReserved": "2022-02-22T20:17:36.805Z",
"dateUpdated": "2024-09-18T21:32:05.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8874 (GCVE-0-2017-8874)
Vulnerability from cvelistv5
Published
2017-05-10 05:14
Modified
2024-08-05 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mautic/mautic/issues/3486"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-10T05:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mautic/mautic/issues/3486"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/issues/3486",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/issues/3486"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8874",
"datePublished": "2017-05-10T05:14:00",
"dateReserved": "2017-05-09T00:00:00",
"dateUpdated": "2024-08-05T16:48:22.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27915 (GCVE-0-2021-27915)
Vulnerability from cvelistv5
Published
2024-09-17 14:02
Modified
2024-09-17 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.
This could lead to the user having elevated access to the system.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mautic",
"vendor": "mautic",
"versions": [
{
"lessThanOrEqual": "4.4.11",
"status": "affected",
"version": "1.0.0-beta2",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27915",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T15:59:08.355119Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T16:01:29.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://packagist.org",
"defaultStatus": "unaffected",
"packageName": "mautic/core-lib",
"product": "Mautic",
"repo": "https://github.com/mautic/mautic",
"vendor": "Mautic",
"versions": [
{
"lessThanOrEqual": "\u003c= 4.4.11",
"status": "affected",
"version": "\u003e= 1.0.0-beta2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Lenon Leite"
},
{
"lang": "en",
"type": "finder",
"value": "Lenon Leite"
}
],
"datePublic": "2024-04-11T09:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis could lead to the user having elevated access to the system.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\n\nThis could lead to the user having elevated access to the system."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:02:09.969Z",
"orgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"shortName": "Mautic"
},
"references": [
{
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 4.4.12 or later."
}
],
"value": "Update to 4.4.12 or later."
}
],
"source": {
"advisory": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2",
"discovery": "INTERNAL"
},
"title": "XSS Cross-site Scripting Stored (XSS) - Description field",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4e531c38-7a33-45d3-98dd-d909c0d8852e",
"assignerShortName": "Mautic",
"cveId": "CVE-2021-27915",
"datePublished": "2024-09-17T14:02:09.969Z",
"dateReserved": "2021-03-02T15:53:50.859Z",
"dateUpdated": "2024-09-17T16:01:29.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-08-30 16:15
Modified
2024-11-21 05:58
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7B8AF8-5929-4515-9EFF-9F589FA3FFDC",
"versionEndExcluding": "3.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "A4B8FCED-A690-45D0-ACE1-871ADA2080F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "14D56FFE-E768-4502-BA7E-6B34BFE463B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "C536B44B-C713-47D1-9EBD-E2D94CB0561E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic\u0027s password reset page where a vulnerable parameter, \"bundle,\" in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized."
},
{
"lang": "es",
"value": "Para Mautic versiones anteriores a 3.3.4/4.0.0, se presenta una vulnerabilidad de tipo XSS en la p\u00e1gina de restablecimiento de contrase\u00f1a de Mautic donde un par\u00e1metro vulnerable, \"bundle\", en la URL podr\u00eda permitir a un atacante ejecutar c\u00f3digo Javascript. El atacante tendr\u00eda que convencer o enga\u00f1ar al objetivo para que haga clic en una URL de restablecimiento de contrase\u00f1a con el par\u00e1metro vulnerable usado."
}
],
"id": "CVE-2021-27909",
"lastModified": "2024-11-21T05:58:45.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-30T16:15:07.230",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-18 16:15
Modified
2025-02-27 19:37
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7418A276-A3A8-4D0E-AA86-92E1EED6006A",
"versionEndExcluding": "4.4.12",
"versionStartIncluding": "1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3123A79D-F360-44BE-85BA-34304F3E1B40",
"versionEndExcluding": "5.0.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "99718D48-5C19-41C5-84E1-52E95F012830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "4E35B0F0-9BF1-45FA-8954-B8BFB7389C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "213A9276-B9D1-4B4D-BBE9-FC42B6D63DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F366E4D8-1515-4E5F-8551-4C8D9E00D0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B4234B41-F219-45B7-83A1-8F0F652F2A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DA028F70-6020-47D6-BEC0-6FC0C7E18420",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, un usuario autenticado de Mautic pod\u00eda leer archivos del sistema y acceder a las direcciones internas de la aplicaci\u00f3n debido a una vulnerabilidad de Server-Side Request Forgery (SSRF)."
}
],
"id": "CVE-2022-25777",
"lastModified": "2025-02-27T19:37:08.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T16:15:04.980",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-18 21:15
Modified
2024-09-27 15:31
Severity ?
2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6555B3F-97C3-4192-BB29-BEDD3C63C4AB",
"versionEndExcluding": "4.4.13",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC060988-1D0C-4CB2-A052-A0BCCD236381",
"versionEndExcluding": "5.1.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user\u0027s current session."
},
{
"lang": "es",
"value": "Con acceso para editar un formulario de Mautic, el atacante puede agregar Cross-Site Scripting Almacenado en el archivo html. Esto podr\u00eda usarse para robar informaci\u00f3n confidencial de la sesi\u00f3n actual del usuario."
}
],
"id": "CVE-2024-47058",
"lastModified": "2024-09-27T15:31:30.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 2.5,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T21:15:13.923",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-28 06:15
Modified
2024-11-21 05:26
Severity ?
Summary
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://forum.mautic.org/c/announcements/16 | Vendor Advisory | |
| cve@mitre.org | https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m | Third Party Advisory | |
| cve@mitre.org | https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce | Third Party Advisory | |
| cve@mitre.org | https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://forum.mautic.org/c/announcements/16 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB169263-4D35-47A1-A22A-9706C077A813",
"versionEndExcluding": "3.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads."
},
{
"lang": "es",
"value": "Una Vulnerabilidad de tipo Cross-site scripting (XSS) en el componente assets de Mautic versiones anteriores a 3.2.4, permite a atacantes remotos inyectar JavaScript ejecutable por medio del encabezado Referer de las descargas de activos"
}
],
"id": "CVE-2020-35124",
"lastModified": "2024-11-21T05:26:48.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-28T06:15:13.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-18 21:15
Modified
2024-09-27 15:29
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE9F17BE-23A1-4088-9B04-27DE04CC756E",
"versionEndExcluding": "4.4.13",
"versionStartIncluding": "2.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC060988-1D0C-4CB2-A052-A0BCCD236381",
"versionEndExcluding": "5.1.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to this patch being applied, Mautic\u0027s tracking was vulnerable to Cross-Site Scripting through the Page URL variable."
},
{
"lang": "es",
"value": "Antes de que se aplicara este parche, el seguimiento de Mautic era vulnerable a Cross-Site Scripting a trav\u00e9s de la variable Page URL."
}
],
"id": "CVE-2024-47050",
"lastModified": "2024-09-27T15:29:21.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T21:15:13.743",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-03 17:29
Modified
2024-11-21 03:04
Severity ?
Summary
Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mautic/mautic/releases/tag/2.12.0 | Exploit, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/releases/tag/2.12.0 | Exploit, Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acquia | mautic | 1.0.1 | |
| acquia | mautic | 1.0.2 | |
| acquia | mautic | 1.0.3 | |
| acquia | mautic | 1.0.4 | |
| acquia | mautic | 1.0.5 | |
| acquia | mautic | 1.1.0 | |
| acquia | mautic | 1.1.1 | |
| acquia | mautic | 1.1.2 | |
| acquia | mautic | 1.1.3 | |
| acquia | mautic | 1.2.0 | |
| acquia | mautic | 1.2.1 | |
| acquia | mautic | 1.2.2 | |
| acquia | mautic | 1.2.3 | |
| acquia | mautic | 1.2.4 | |
| acquia | mautic | 1.3.0 | |
| acquia | mautic | 1.3.1 | |
| acquia | mautic | 1.4.0 | |
| acquia | mautic | 1.4.1 | |
| acquia | mautic | 2.0.0 | |
| acquia | mautic | 2.0.1 | |
| acquia | mautic | 2.1.0 | |
| acquia | mautic | 2.1.1 | |
| acquia | mautic | 2.2.0 | |
| acquia | mautic | 2.2.1 | |
| acquia | mautic | 2.3.0 | |
| acquia | mautic | 2.4.0 | |
| acquia | mautic | 2.5.0 | |
| acquia | mautic | 2.5.1 | |
| acquia | mautic | 2.6.0 | |
| acquia | mautic | 2.6.1 | |
| acquia | mautic | 2.7.0 | |
| acquia | mautic | 2.7.1 | |
| acquia | mautic | 2.8.0 | |
| acquia | mautic | 2.8.1 | |
| acquia | mautic | 2.8.2 | |
| acquia | mautic | 2.9.0 | |
| acquia | mautic | 2.9.1 | |
| acquia | mautic | 2.10.0 | |
| acquia | mautic | 2.10.1 | |
| acquia | mautic | 2.11.0 | |
| mautic | mautic | 1.0.0 | |
| mautic | mautic | 1.2.0 | |
| mautic | mautic | 2.9.0 | |
| mautic | mautic | 2.9.2 | |
| mautic | mautic | 2.10.0 | |
| mautic | mautic | 2.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E592D4D5-0E5A-4B39-AC04-088B824D3E73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B41915-93B3-4FFE-968A-615D008EA227",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D769331C-B1F6-49BD-A6C2-AC02D3129BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA550469-F69F-4622-926B-FD4A537B21FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "425F698F-CCD6-4A05-A31F-5F8BFEF60F84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66FD252B-7E86-4275-BF02-E33FA91CD5F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FE419F-CE46-4DB2-9581-2DA2E10C2E1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0705A45D-2B1C-440D-8019-D404046591F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA5F6FC-DFD2-4E62-B420-25E0ECABE7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C728C7F3-2C0C-4486-80F4-A9548C535C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF32567-BCCE-4817-A4D9-345D408B9DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "366161CC-8FF1-44B8-A16A-00D2D828AA87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "996A31B6-3FC4-4347-9BC7-6B0E3252443A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4B17CC51-A2F1-4D54-BAED-12E0578CF59E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A16DB243-0658-4354-B63C-47BE02F3702B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F328D42-C524-4B27-A0AD-25A12DE7C506",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC913822-C3C3-42D2-B804-DA960E2DA12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A252C2D-156A-4ED7-B0D3-4FC66BC10916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3570E4D0-3F19-4343-B8D6-570693C231BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8183F886-F921-4B41-B4F4-BCADD1D82490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "821E491B-4306-43D8-9884-D26D557B85C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "067FE5C3-BD71-4F6F-9777-9429FBCD2669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352CCA25-B7E2-4878-83CD-D444DE1A4D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F537D29E-267F-41DA-A7D6-EAE8F2F1D0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6295440-4EB3-45EE-86B7-A06041580114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65FE8140-C008-4271-862A-02D8338E7471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F69C10-F74A-4399-9665-75C62AF1ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2343A267-12F1-4720-B548-74201E57CC72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7CE6166-E6FA-40D7-9EA7-C329DA8396D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0E77CC-1C9E-47A1-A48D-1A098537F1EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4E6411-EF70-4AFA-A5EA-B4B31E3B87FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49602924-B1C2-40AB-9711-582B910C5135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF326AC-1598-4E5D-9138-74C9BB07D217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59461408-E345-40BE-8E0F-F6A6963B3815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504AFF4D-A70A-4AEB-A4F6-01146BD7DAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.9.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "578537AC-BF31-43D7-B80A-B5AD235882A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "477202B1-9A31-4C8A-9B22-B296BC413838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.10.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "AF978F65-E884-4814-8C37-38F699720069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "95D68FA7-8E9C-4F94-89AC-05389DB5FC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.11.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "B650408E-4D7E-48C0-AF62-3C79DD5ACD52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "31F663D5-2240-41BD-A450-AA6F5C329255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "635041AC-ADB0-4B87-8C0C-DE2CC7E758C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEC05DD-9E41-4D78-9EDB-F086DFD0FD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ECE904-F0B8-4194-B35B-1A7404602CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09011058-0F31-4D8E-B1BB-3E3DC4437955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A48919-3F8F-41FC-9831-45766D3C3478",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to."
},
{
"lang": "es",
"value": "Mautic, de la versi\u00f3n 1.0.0 a la 2.11.0, es vulnerable a permitir que cualquier sesi\u00f3n de usuario autorizada de Mautic (debe haber iniciado sesi\u00f3n) utilice el Filemanager para descargar cualquier archivo del servidor al que tenga acceso el usuario web."
}
],
"id": "CVE-2017-1000490",
"lastModified": "2024-11-21T03:04:51.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-03T17:29:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-17 14:15
Modified
2024-09-29 00:22
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.
This could lead to the user having elevated access to the system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71754804-5279-4236-8CE2-434BC23B4A30",
"versionEndExcluding": "4.4.12",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "99718D48-5C19-41C5-84E1-52E95F012830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "0B21EB9D-BFCD-4D58-BCA6-3AAE6B3B9041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9C1C106B-1B3D-427D-8147-5527E610F569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "4E35B0F0-9BF1-45FA-8954-B8BFB7389C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "213A9276-B9D1-4B4D-BBE9-FC42B6D63DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F366E4D8-1515-4E5F-8551-4C8D9E00D0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B4234B41-F219-45B7-83A1-8F0F652F2A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DA028F70-6020-47D6-BEC0-6FC0C7E18420",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\n\nThis could lead to the user having elevated access to the system."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, existe una vulnerabilidad XSS en los campos de descripci\u00f3n dentro de la aplicaci\u00f3n Mautic que podr\u00eda ser explotada por un usuario registrado de Mautic con los permisos adecuados. Esto podr\u00eda provocar que el usuario tenga acceso elevado al sistema."
}
],
"id": "CVE-2021-27915",
"lastModified": "2024-09-29T00:22:31.787",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.5,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-17T14:15:14.100",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-30 16:15
Modified
2024-11-21 05:58
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8 | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7B8AF8-5929-4515-9EFF-9F589FA3FFDC",
"versionEndExcluding": "3.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "A4B8FCED-A690-45D0-ACE1-871ADA2080F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "14D56FFE-E768-4502-BA7E-6B34BFE463B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "C536B44B-C713-47D1-9EBD-E2D94CB0561E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets."
},
{
"lang": "es",
"value": "Mautic versiones anteriores a 3.3.4/4.0.0, son vulnerables a un ataque de tipo JS XSS en l\u00ednea cuando se visualizan activos de Mautic al usar JS en l\u00ednea en el t\u00edtulo y a\u00f1adiendo una URL de imagen rota como activo remoto. Esto s\u00f3lo puede ser aprovechado por un usuario autenticado con permiso para crear o editar activos."
}
],
"id": "CVE-2021-27912",
"lastModified": "2024-11-21T05:58:47.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-30T16:15:07.403",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-05-10 05:29
Modified
2025-04-20 01:37
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mautic/mautic/issues/3486 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/issues/3486 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A252C2D-156A-4ED7-B0D3-4FC66BC10916",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de CSRF en Mautic 1.4.1 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios para solicitudes que o bien eliminan campa\u00f1as de correo electr\u00f3nico o eliminan contactos."
}
],
"id": "CVE-2017-8874",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-10T05:29:00.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/issues/3486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/issues/3486"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-01 16:15
Modified
2024-11-21 05:58
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3C170B-7CFF-40E1-A068-F392D2A71710",
"versionEndExcluding": "4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript"
},
{
"lang": "es",
"value": "Una vulnerabilidad de cross-site scripting (XSS) en el componente instalador de Mautic antes de la versi\u00f3n 4.3.0 permite a los administradores inyectar javascript ejecutable"
}
],
"id": "CVE-2021-27914",
"lastModified": "2024-11-21T05:58:47.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-01T16:15:07.773",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-06 21:15
Modified
2024-11-21 03:42
Severity ?
Summary
An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mautic/mautic/releases | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://github.com/mautic/mautic/releases/tag/2.14.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/releases | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/releases/tag/2.14.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAAD9BA-4AA9-4733-B19E-9A43ED2231E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Mautic 2.13.1. Hay XSS almacenado a trav\u00e9s del campo authorUrl en config.json."
}
],
"id": "CVE-2018-11198",
"lastModified": "2024-11-21T03:42:52.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-06T21:15:11.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.14.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.14.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-18 22:15
Modified
2025-02-27 19:42
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Mautic allows you to update the application via an upgrade script.
The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.
This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "496E995E-E33A-4481-83A6-38172DA11763",
"versionEndExcluding": "4.4.13",
"versionStartIncluding": "1.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC060988-1D0C-4CB2-A052-A0BCCD236381",
"versionEndExcluding": "5.1.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "99718D48-5C19-41C5-84E1-52E95F012830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "9C1C106B-1B3D-427D-8147-5527E610F569",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "4E35B0F0-9BF1-45FA-8954-B8BFB7389C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "213A9276-B9D1-4B4D-BBE9-FC42B6D63DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F366E4D8-1515-4E5F-8551-4C8D9E00D0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B4234B41-F219-45B7-83A1-8F0F652F2A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DA028F70-6020-47D6-BEC0-6FC0C7E18420",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn\u0027t shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable."
},
{
"lang": "es",
"value": "Mautic permite actualizar la aplicaci\u00f3n mediante un script de actualizaci\u00f3n. La l\u00f3gica de actualizaci\u00f3n no est\u00e1 protegida correctamente, lo que puede generar una situaci\u00f3n vulnerable. Esta vulnerabilidad se ve mitigada por el hecho de que Mautic debe instalarse de una determinada manera para que sea vulnerable."
}
],
"id": "CVE-2022-25770",
"lastModified": "2025-02-27T19:42:12.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.4,
"impactScore": 5.8,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T22:15:03.827",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-30 16:15
Modified
2024-11-21 05:58
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the "error" and "error_related_to" parameters of the POST request (POST /mailer/<product / webhook>/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7B8AF8-5929-4515-9EFF-9F589FA3FFDC",
"versionEndExcluding": "3.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "A4B8FCED-A690-45D0-ACE1-871ADA2080F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "14D56FFE-E768-4502-BA7E-6B34BFE463B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "C536B44B-C713-47D1-9EBD-E2D94CB0561E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the \"error\" and \"error_related_to\" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is opened by a Mautic user. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the \"error\" and \"error_related_to\" parameters of the POST request (POST /mailer/\u003cproduct / webhook\u003e/callback). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information."
},
{
"lang": "es",
"value": "Un saneamiento / filtrado insuficiente permite una inyecci\u00f3n arbitraria de JavaScript en Mautic mediante la funci\u00f3n bounce management callback. Los valores enviados en los par\u00e1metros \"error\" y \"error_related_to\" de la petici\u00f3n POST de la devoluci\u00f3n de llamada de la administraci\u00f3n de rebotes ser\u00e1n almacenados de forma permanente y ser\u00e1n ejecutados una vez que la p\u00e1gina de detalles de un lead afectado sea abierta por un usuario de Mautic. Un atacante con acceso a la funci\u00f3n de callback de administraci\u00f3n de rebotes (identificada con el webhook de Mailjet, pero se supone que esto funcionar\u00e1 uniformemente en todos los tipos de webhooks) puede inyectar c\u00f3digo JavaScript arbitrario en los par\u00e1metros \"error\" y \"error_related_to\" de la petici\u00f3n POST (POST /mailer//callback). N\u00f3tese que no se necesita autenticaci\u00f3n para acceder a esta funci\u00f3n. El c\u00f3digo JavaScript es almacenado permanentemente en la aplicaci\u00f3n web y es ejecutado cada vez que un usuario autenticado visualiza la p\u00e1gina de detalles de un solo contacto / lead en Mautic. Esto significa que puede ser ejecutado un c\u00f3digo arbitrario para, por ejemplo, robar o manipular informaci\u00f3n."
}
],
"id": "CVE-2021-27910",
"lastModified": "2024-11-21T05:58:46.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-30T16:15:07.293",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-19 14:15
Modified
2024-11-21 05:26
Severity ?
Summary
Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1103784E-1EE0-4760-BB2D-BEE26B17488A",
"versionEndExcluding": "2.16.5",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92FD5E57-7CF8-4592-BB62-E660004134A2",
"versionEndExcluding": "3.2.4",
"versionStartIncluding": "3.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system."
},
{
"lang": "es",
"value": "Mautic versiones anteriores a 3.2.4, est\u00e1 afectado por una vulnerabilidad de tipo XSS almacenado.\u0026#xa0;Un atacante con permiso para administrar empresas, una funcionalidad de la aplicaci\u00f3n, podr\u00eda atacar a otros usuarios, incluyendo los administradores.\u0026#xa0;Por ejemplo, al cargar un archivo JavaScript dise\u00f1ado externamente, un atacante podr\u00eda eventualmente llevar a cabo acciones como el usuario objetivo.\u0026#xa0;Estas acciones incluyen cambiar las contrase\u00f1as de los usuarios, alterar las direcciones de correo electr\u00f3nico o de usuario o agregar un nuevo administrador al sistema"
}
],
"id": "CVE-2020-35128",
"lastModified": "2024-11-21T05:26:49.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-19T14:15:12.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-18 15:15
Modified
2024-09-23 23:22
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.
The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C670F8-5A52-4013-BC7F-7D63F0B9EFE1",
"versionEndExcluding": "4.4.12",
"versionStartIncluding": "2.14.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3123A79D-F360-44BE-85BA-34304F3E1B40",
"versionEndExcluding": "5.0.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\n\nThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, los usuarios registrados de Mautic eran vulnerables a una vulnerabilidad de inyecci\u00f3n SQL en el paquete de informes. El usuario pod\u00eda recuperar y alterar datos como datos confidenciales, datos de inicio de sesi\u00f3n y, seg\u00fan el permiso de la base de datos, el atacante pod\u00eda manipular los sistemas de archivos."
}
],
"id": "CVE-2022-25775",
"lastModified": "2024-09-23T23:22:15.763",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T15:15:13.440",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-18 21:15
Modified
2025-02-27 19:39
Severity ?
7.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96CCF98E-6E23-4EB5-836C-F9ADFC60AA65",
"versionEndExcluding": "4.4.13",
"versionStartIncluding": "1.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC060988-1D0C-4CB2-A052-A0BCCD236381",
"versionEndExcluding": "5.1.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required."
},
{
"lang": "es",
"value": "La l\u00f3gica implementada para facilitar el proceso de actualizaci\u00f3n a trav\u00e9s de la interfaz de usuario carece de control de acceso para verificar si existe permiso para realizar las tareas. Antes de que se aplicara este parche, era posible que un atacante accediera al n\u00famero de versi\u00f3n de Mautic o ejecutara partes del proceso de actualizaci\u00f3n sin permiso. Como la actualizaci\u00f3n en la interfaz de usuario est\u00e1 obsoleta, esta funcionalidad ya no es necesaria."
}
],
"id": "CVE-2022-25768",
"lastModified": "2025-02-27T19:39:16.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T21:15:12.860",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-30 16:15
Modified
2024-11-21 05:58
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Summary
The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3 | Exploit, Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7B8AF8-5929-4515-9EFF-9F589FA3FFDC",
"versionEndExcluding": "3.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "A4B8FCED-A690-45D0-ACE1-871ADA2080F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "14D56FFE-E768-4502-BA7E-6B34BFE463B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "C536B44B-C713-47D1-9EBD-E2D94CB0561E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0."
},
{
"lang": "es",
"value": "La funci\u00f3n mt_rand es usada para generar tokens de sesi\u00f3n, esta funci\u00f3n es criptogr\u00e1ficamente defectuosa debido a que su naturaleza es una pseudoaleatoriedad, un atacante puede aprovechar la naturaleza criptogr\u00e1ficamente no segura de esta funci\u00f3n para enumerar tokens de sesi\u00f3n para cuentas que no est\u00e1n bajo su control. Este problema afecta a: Mautic versiones anteriores a 3.3.4; versiones anteriores a 4.0.0."
}
],
"id": "CVE-2021-27913",
"lastModified": "2024-11-21T05:58:47.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-30T16:15:07.457",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-06-20 13:15
Modified
2024-11-21 06:52
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3C170B-7CFF-40E1-A068-F392D2A71710",
"versionEndExcluding": "4.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript"
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en el componente de seguimiento web de Mautic versiones anteriores a 4.3.0, permite a atacantes remotos inyectar javascript ejecutable"
}
],
"id": "CVE-2022-25772",
"lastModified": "2024-11-21T06:52:58.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-20T13:15:07.973",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332"
},
{
"source": "security@mautic.org",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-18 15:15
Modified
2024-09-23 23:21
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.
Users could inject malicious code into the notification when saving Dashboards.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F31C5536-1D68-46A3-BB5D-08A0AADAD8B1",
"versionEndExcluding": "4.4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.\n\nUsers could inject malicious code into the notification when saving Dashboards."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, los usuarios que hab\u00edan iniciado sesi\u00f3n en Mautic eran vulnerables a una vulnerabilidad XSS propia en las notificaciones dentro de Mautic. Los usuarios pod\u00edan inyectar c\u00f3digo malicioso en la notificaci\u00f3n al guardar los Dashboards."
}
],
"id": "CVE-2022-25774",
"lastModified": "2024-09-23T23:21:35.443",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T15:15:13.253",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-23 20:15
Modified
2024-11-21 05:58
Severity ?
5.8 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8C98868-2DB4-48C5-8238-3AA1FA7B936B",
"versionEndExcluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic\u2019s configuration that are used in publicly facing parts of the application."
},
{
"lang": "es",
"value": "En todas las versiones anteriores a Mautic 3.3.2, par\u00e1metros secretos, como las credenciales de la base de datos, pod\u00edan ser expuestos p\u00fablicamente por un usuario administrador autorizado aprovechando la sintaxis de los par\u00e1metros Symfony en cualquiera de los campos de texto libre en la configuraci\u00f3n de Mautic que son usadas en las partes de la aplicaci\u00f3n de cara al p\u00fablico"
}
],
"id": "CVE-2021-27908",
"lastModified": "2024-11-21T05:58:45.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.5,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-23T20:15:13.310",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-03 17:29
Modified
2024-11-21 03:04
Severity ?
Summary
Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mautic/mautic/releases/tag/2.12.0 | Issue Tracking, Mitigation, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/releases/tag/2.12.0 | Issue Tracking, Mitigation, Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acquia | mautic | 2.0.0 | |
| acquia | mautic | 2.0.1 | |
| acquia | mautic | 2.1.0 | |
| acquia | mautic | 2.1.1 | |
| acquia | mautic | 2.2.0 | |
| acquia | mautic | 2.2.1 | |
| acquia | mautic | 2.3.0 | |
| acquia | mautic | 2.4.0 | |
| acquia | mautic | 2.5.0 | |
| acquia | mautic | 2.5.1 | |
| acquia | mautic | 2.6.0 | |
| acquia | mautic | 2.6.1 | |
| acquia | mautic | 2.7.0 | |
| acquia | mautic | 2.7.1 | |
| acquia | mautic | 2.8.0 | |
| acquia | mautic | 2.8.1 | |
| acquia | mautic | 2.8.2 | |
| acquia | mautic | 2.9.0 | |
| acquia | mautic | 2.9.1 | |
| acquia | mautic | 2.10.0 | |
| acquia | mautic | 2.10.1 | |
| acquia | mautic | 2.11.0 | |
| mautic | mautic | 2.9.0 | |
| mautic | mautic | 2.9.2 | |
| mautic | mautic | 2.10.0 | |
| mautic | mautic | 2.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3570E4D0-3F19-4343-B8D6-570693C231BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8183F886-F921-4B41-B4F4-BCADD1D82490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "821E491B-4306-43D8-9884-D26D557B85C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "067FE5C3-BD71-4F6F-9777-9429FBCD2669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352CCA25-B7E2-4878-83CD-D444DE1A4D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F537D29E-267F-41DA-A7D6-EAE8F2F1D0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6295440-4EB3-45EE-86B7-A06041580114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65FE8140-C008-4271-862A-02D8338E7471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F69C10-F74A-4399-9665-75C62AF1ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2343A267-12F1-4720-B548-74201E57CC72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7CE6166-E6FA-40D7-9EA7-C329DA8396D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0E77CC-1C9E-47A1-A48D-1A098537F1EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4E6411-EF70-4AFA-A5EA-B4B31E3B87FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49602924-B1C2-40AB-9711-582B910C5135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF326AC-1598-4E5D-9138-74C9BB07D217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59461408-E345-40BE-8E0F-F6A6963B3815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504AFF4D-A70A-4AEB-A4F6-01146BD7DAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.9.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "578537AC-BF31-43D7-B80A-B5AD235882A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "477202B1-9A31-4C8A-9B22-B296BC413838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.10.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "AF978F65-E884-4814-8C37-38F699720069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "95D68FA7-8E9C-4F94-89AC-05389DB5FC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.11.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "B650408E-4D7E-48C0-AF62-3C79DD5ACD52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEC05DD-9E41-4D78-9EDB-F086DFD0FD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ECE904-F0B8-4194-B35B-1A7404602CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09011058-0F31-4D8E-B1BB-3E3DC4437955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A48919-3F8F-41FC-9831-45766D3C3478",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address"
},
{
"lang": "es",
"value": "Mautic, de la versi\u00f3n 2.0.0 a la 2.11.0, con un plugin SSO instalado podr\u00eda permitir que un usuario deshabilitado pueda seguir iniciando sesi\u00f3n mediante una direcci\u00f3n de correo electr\u00f3nico."
}
],
"id": "CVE-2017-1000489",
"lastModified": "2024-11-21T03:04:51.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-03T17:29:00.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-30 16:15
Modified
2024-11-21 05:58
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc | Patch, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7B8AF8-5929-4515-9EFF-9F589FA3FFDC",
"versionEndExcluding": "3.3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "A4B8FCED-A690-45D0-ACE1-871ADA2080F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "14D56FFE-E768-4502-BA7E-6B34BFE463B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:4.0.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "C536B44B-C713-47D1-9EBD-E2D94CB0561E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact\u0027s first or last name and triggered when viewing a contact\u0027s details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc."
},
{
"lang": "es",
"value": "Mautic versiones anteriores a 3.3.4/4.0.0, son vulnerables a un ataque de tipo inline JS XSS mediante el nombre o el apellido del contacto y es desencadenado cuando se visualiza la p\u00e1gina de detalles de un contacto y luego se hace clic en el desplegable de acciones y se pasa por encima del bot\u00f3n Campa\u00f1as. El nombre y los apellidos de los contactos pueden provenir de diferentes fuentes, como la interfaz de usuario, la API, la sincronizaci\u00f3n de terceros, los formularios, etc."
}
],
"id": "CVE-2021-27911",
"lastModified": "2024-11-21T05:58:46.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-30T16:15:07.347",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-18 15:15
Modified
2025-02-27 22:11
Severity ?
7.2 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.
This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F33A1516-0712-4E64-B354-76D6E8BDD475",
"versionEndExcluding": "3.3.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0239CC52-7B9C-4F8B-AF78-7B66C7CB914A",
"versionEndExcluding": "4.2.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.\n\nThis logic isn\u0027t correct, as the regex in the second FilesMatch only checks the filename, not the full path."
},
{
"lang": "es",
"value": "ImpactoEl archivo .htaccess predeterminado tiene algunas restricciones en el acceso a los archivos PHP para permitir que solo se ejecuten archivos PHP espec\u00edficos en la ra\u00edz de la aplicaci\u00f3n. Esta l\u00f3gica no es correcta, ya que la expresi\u00f3n regular en el segundo FilesMatch solo verifica el nombre del archivo, no la ruta completa."
}
],
"id": "CVE-2022-25769",
"lastModified": "2025-02-27T22:11:36.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.8,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T15:15:13.060",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56"
},
{
"source": "security@mautic.org",
"tags": [
"Release Notes"
],
"url": "https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-18 22:15
Modified
2024-09-27 15:13
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3CFAD0-A8EE-42B3-B30C-3D428E0DB029",
"versionEndExcluding": "4.4.13",
"versionStartExcluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC060988-1D0C-4CB2-A052-A0BCCD236381",
"versionEndExcluding": "5.1.1",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "99718D48-5C19-41C5-84E1-52E95F012830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "4E35B0F0-9BF1-45FA-8954-B8BFB7389C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "213A9276-B9D1-4B4D-BBE9-FC42B6D63DE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F366E4D8-1515-4E5F-8551-4C8D9E00D0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B4234B41-F219-45B7-83A1-8F0F652F2A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:1.0.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "DA028F70-6020-47D6-BEC0-6FC0C7E18420",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report."
},
{
"lang": "es",
"value": "Antes de este parche, exist\u00eda una vulnerabilidad XSS almacenado en el seguimiento de contactos y en el informe de visitas a la p\u00e1gina."
}
],
"id": "CVE-2021-27917",
"lastModified": "2024-09-27T15:13:58.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T22:15:03.577",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-09 22:15
Modified
2024-11-21 05:26
Severity ?
Summary
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "616EA98C-3979-447C-8DB7-2CA35E8D1B4E",
"versionEndExcluding": "2.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71DEAD83-29A4-41CE-9B3D-103942597F11",
"versionEndExcluding": "3.2.4",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept)."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el componente forms de Mautic versiones anteriores a 3.2.4, permite a atacantes remotos inyectar JavaScript ejecutable por medio de mautic[return] (un m\u00e9todo de ataque diferente al de CVE-2020-35124, pero tambi\u00e9n relacionado con el concepto Referer)"
}
],
"id": "CVE-2020-35125",
"lastModified": "2024-11-21T05:26:48.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-09T22:15:13.620",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://forum.mautic.org/c/announcements/16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-18 22:15
Modified
2025-02-27 19:43
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.
However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification.
This difference could be used to perform username enumeration.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-8vff-35qm-qjvv | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "218C24B5-AAED-49DE-BD4D-DA7B37D55744",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak.\n\nHowever when an incorrect username is provided alongside with a weak password, the application responds with \u2019Invalid credentials\u2019 notification.\n\nThis difference could be used to perform username enumeration."
},
{
"lang": "es",
"value": "Al iniciar sesi\u00f3n con el nombre de usuario correcto y una contrase\u00f1a d\u00e9bil incorrecta, el usuario recibe una notificaci\u00f3n que indica que su contrase\u00f1a es demasiado d\u00e9bil. Sin embargo, cuando se proporciona un nombre de usuario incorrecto junto con una contrase\u00f1a d\u00e9bil, la aplicaci\u00f3n responde con una notificaci\u00f3n de \"Credenciales no v\u00e1lidas\". Esta diferencia se puede utilizar para realizar la enumeraci\u00f3n de nombres de usuario."
}
],
"id": "CVE-2024-47059",
"lastModified": "2025-02-27T19:43:42.530",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T22:15:04.650",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-8vff-35qm-qjvv"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-01-03 16:29
Modified
2024-11-21 03:04
Severity ?
Summary
Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mautic/mautic/releases/tag/2.12.0 | Exploit, Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/releases/tag/2.12.0 | Exploit, Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| acquia | mautic | 2.1.0 | |
| acquia | mautic | 2.1.1 | |
| acquia | mautic | 2.2.0 | |
| acquia | mautic | 2.2.1 | |
| acquia | mautic | 2.3.0 | |
| acquia | mautic | 2.4.0 | |
| acquia | mautic | 2.5.0 | |
| acquia | mautic | 2.5.1 | |
| acquia | mautic | 2.6.0 | |
| acquia | mautic | 2.6.1 | |
| acquia | mautic | 2.7.0 | |
| acquia | mautic | 2.7.1 | |
| acquia | mautic | 2.8.0 | |
| acquia | mautic | 2.8.1 | |
| acquia | mautic | 2.8.2 | |
| acquia | mautic | 2.9.0 | |
| acquia | mautic | 2.9.1 | |
| acquia | mautic | 2.10.0 | |
| acquia | mautic | 2.10.1 | |
| acquia | mautic | 2.11.0 | |
| mautic | mautic | 2.9.0 | |
| mautic | mautic | 2.9.2 | |
| mautic | mautic | 2.10.0 | |
| mautic | mautic | 2.11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "821E491B-4306-43D8-9884-D26D557B85C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "067FE5C3-BD71-4F6F-9777-9429FBCD2669",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "352CCA25-B7E2-4878-83CD-D444DE1A4D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F537D29E-267F-41DA-A7D6-EAE8F2F1D0B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6295440-4EB3-45EE-86B7-A06041580114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65FE8140-C008-4271-862A-02D8338E7471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F69C10-F74A-4399-9665-75C62AF1ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2343A267-12F1-4720-B548-74201E57CC72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C7CE6166-E6FA-40D7-9EA7-C329DA8396D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB0E77CC-1C9E-47A1-A48D-1A098537F1EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4E6411-EF70-4AFA-A5EA-B4B31E3B87FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49602924-B1C2-40AB-9711-582B910C5135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF326AC-1598-4E5D-9138-74C9BB07D217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "59461408-E345-40BE-8E0F-F6A6963B3815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "504AFF4D-A70A-4AEB-A4F6-01146BD7DAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.9.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "578537AC-BF31-43D7-B80A-B5AD235882A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "477202B1-9A31-4C8A-9B22-B296BC413838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.10.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "AF978F65-E884-4814-8C37-38F699720069",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "95D68FA7-8E9C-4F94-89AC-05389DB5FC55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:2.11.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "B650408E-4D7E-48C0-AF62-3C79DD5ACD52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CEC05DD-9E41-4D78-9EDB-F086DFD0FD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6ECE904-F0B8-4194-B35B-1A7404602CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "09011058-0F31-4D8E-B1BB-3E3DC4437955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mautic:mautic:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A48919-3F8F-41FC-9831-45766D3C3478",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form."
},
{
"lang": "es",
"value": "Mautic, de la versi\u00f3n 2.1.0 a la 2.11.0, es vulnerable a un ataque en l\u00ednea de JS XSS al emplear formularios Mautic en una p\u00e1gina de aterrizaje mediante par\u00e1metros GET para prerrellenar el formulario."
}
],
"id": "CVE-2017-1000488",
"lastModified": "2024-11-21T03:04:50.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-03T16:29:00.183",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.12.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-20 18:15
Modified
2024-11-21 03:42
Severity ?
Summary
An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mautic/mautic/releases/tag/2.14.0 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mautic/mautic/releases/tag/2.14.0 | Release Notes, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAAD9BA-4AA9-4733-B19E-9A43ED2231E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Mautic versi\u00f3n 2.13.1. Presenta una vulnerabilidad de tipo XSS almacenado por medio del campo company name."
}
],
"id": "CVE-2018-11200",
"lastModified": "2024-11-21T03:42:52.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-20T18:15:10.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.14.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/releases/tag/2.14.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-18 15:15
Modified
2024-09-24 15:19
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such as names and surnames, company names and stage names.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CFF2CB-ED56-492C-BD50-7E127044780A",
"versionEndExcluding": "4.4.12",
"versionStartIncluding": "1.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3123A79D-F360-44BE-85BA-34304F3E1B40",
"versionEndExcluding": "5.0.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\n\nUsers could potentially access sensitive data such as names and surnames, company names and stage names."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, los usuarios registrados de Mautic pod\u00edan acceder a \u00e1reas de la aplicaci\u00f3n a las que no deber\u00edan tener acceso. Los usuarios podr\u00edan acceder a datos confidenciales como nombres y apellidos, nombres de empresas y nombres art\u00edsticos."
}
],
"id": "CVE-2022-25776",
"lastModified": "2024-09-24T15:19:46.117",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T15:15:13.620",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-09-17 15:15
Modified
2024-10-02 14:29
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.
This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mautic.org | https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E77843FD-5121-4011-B385-578019A032A0",
"versionEndExcluding": "4.4.12",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:acquia:mautic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3123A79D-F360-44BE-85BA-34304F3E1B40",
"versionEndExcluding": "5.0.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.\n\nThis vulnerability exists in the implementation of the GrapesJS builder in Mautic."
},
{
"lang": "es",
"value": "Antes de la versi\u00f3n parcheada, los usuarios registrados de Mautic eran vulnerables a la eliminaci\u00f3n arbitraria de archivos y al recorrido de ruta relativa. Independientemente del nivel de acceso que tuviera el usuario de Mautic, pod\u00eda eliminar archivos que no estuvieran en las carpetas multimedia, como archivos del sistema, librer\u00edas u otros archivos importantes. Esta vulnerabilidad existe en la implementaci\u00f3n del generador GrapesJS en Mautic."
}
],
"id": "CVE-2021-27916",
"lastModified": "2024-10-02T14:29:42.407",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@mautic.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-17T15:15:11.967",
"references": [
{
"source": "security@mautic.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p"
}
],
"sourceIdentifier": "security@mautic.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security@mautic.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}