Lookup for vulnerable packages by Package URL.

Purl pkg:composer/mautic/core@2.11.0
Type composer
Namespace mautic
Name core
Version 2.11.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.2.10
Latest_non_vulnerable_version 7.0.1
Affected_by_vulnerabilities
0
url VCID-19zs-w8hs-abdm
vulnerability_id VCID-19zs-w8hs-abdm
summary
Mautic vulnerable to Improper Access Control in UI upgrade process
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25768
reference_id
reference_type
scores
0
value 0.00369
scoring_system epss
scoring_elements 0.59149
published_at 2026-06-05T12:55:00Z
1
value 0.00369
scoring_system epss
scoring_elements 0.59101
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25768
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/89f964d06f00688016b38a56dfd9e95fc676c7ce
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/89f964d06f00688016b38a56dfd9e95fc676c7ce
3
reference_url https://github.com/mautic/mautic/commit/925aeee7d3dbb6ca67f92d9dc5893d99250f739b
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/925aeee7d3dbb6ca67f92d9dc5893d99250f739b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25768
reference_id CVE-2022-25768
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25768
5
reference_url https://github.com/advisories/GHSA-x3jx-5w6m-q2fc
reference_id GHSA-x3jx-5w6m-q2fc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x3jx-5w6m-q2fc
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc
reference_id GHSA-x3jx-5w6m-q2fc
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:37Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc
fixed_packages
0
url pkg:composer/mautic/core@4.4.13
purl pkg:composer/mautic/core@4.4.13
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13
1
url pkg:composer/mautic/core@5.1.1
purl pkg:composer/mautic/core@5.1.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1
aliases CVE-2022-25768, GHSA-x3jx-5w6m-q2fc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19zs-w8hs-abdm
1
url VCID-1hew-3rb7-tkg8
vulnerability_id VCID-1hew-3rb7-tkg8
summary
Cross-site Scripting
There is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter `bundle` in the URL could allow an attacker to execute JavaScript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27909
reference_id
reference_type
scores
0
value 0.18658
scoring_system epss
scoring_elements 0.95403
published_at 2026-06-05T12:55:00Z
1
value 0.18658
scoring_system epss
scoring_elements 0.95395
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27909
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27909.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27909.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/commit/942cb6992df619fdf1c181bfad9e25d5d4178b6f
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/942cb6992df619fdf1c181bfad9e25d5d4178b6f
4
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27909
reference_id CVE-2021-27909
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27909
fixed_packages
0
url pkg:composer/mautic/core@3.3.4
purl pkg:composer/mautic/core@3.3.4
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4
1
url pkg:composer/mautic/core@4.0.0
purl pkg:composer/mautic/core@4.0.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0
aliases CVE-2021-27909, GHSA-32hw-3pvh-vcvc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1hew-3rb7-tkg8
2
url VCID-1unf-fcpb-t7gr
vulnerability_id VCID-1unf-fcpb-t7gr
summary
Cross-site Scripting
Mautic is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35129
reference_id
reference_type
scores
0
value 0.00617
scoring_system epss
scoring_elements 0.70358
published_at 2026-06-05T12:55:00Z
1
value 0.00617
scoring_system epss
scoring_elements 0.70316
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35129
1
reference_url https://forum.mautic.org/c/announcements/16
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.mautic.org/c/announcements/16
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://labs.bishopfox.com/advisories/mautic-version-3.2.2
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://labs.bishopfox.com/advisories/mautic-version-3.2.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35129
reference_id CVE-2020-35129
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35129
5
reference_url https://github.com/advisories/GHSA-3px5-wjh3-9x6r
reference_id GHSA-3px5-wjh3-9x6r
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3px5-wjh3-9x6r
fixed_packages
0
url pkg:composer/mautic/core@3.2.4
purl pkg:composer/mautic/core@3.2.4
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4
aliases CVE-2020-35129, GHSA-3px5-wjh3-9x6r
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1unf-fcpb-t7gr
3
url VCID-1x5b-am33-mkh4
vulnerability_id VCID-1x5b-am33-mkh4
summary
Mautic has insufficient authentication in upgrade flow
Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25770
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.53243
published_at 2026-06-05T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.53181
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25770
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca
3
reference_url https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25770
reference_id CVE-2022-25770
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25770
5
reference_url https://github.com/advisories/GHSA-qf6m-6m4g-rmrc
reference_id GHSA-qf6m-6m4g-rmrc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qf6m-6m4g-rmrc
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
reference_id GHSA-qf6m-6m4g-rmrc
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:47:02Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
fixed_packages
0
url pkg:composer/mautic/core@4.4.13
purl pkg:composer/mautic/core@4.4.13
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13
1
url pkg:composer/mautic/core@5.1.1
purl pkg:composer/mautic/core@5.1.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1
aliases CVE-2022-25770, GHSA-qf6m-6m4g-rmrc
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1x5b-am33-mkh4
4
url VCID-2bf9-tpw5-6ybc
vulnerability_id VCID-2bf9-tpw5-6ybc
summary
Injection Vulnerability
Mautic allows CSV injection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8092
reference_id
reference_type
scores
0
value 0.00486
scoring_system epss
scoring_elements 0.65796
published_at 2026-06-05T12:55:00Z
1
value 0.00486
scoring_system epss
scoring_elements 0.65743
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8092
1
reference_url https://github.com/mautic/mautic/commit/cbc49f0ac4cc7e3acc07f2a85c079b2f85225a6b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/cbc49f0ac4cc7e3acc07f2a85c079b2f85225a6b
2
reference_url https://github.com/mautic/mautic/releases/tag/2.13.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.13.0
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-29v9-2fpx-j5g9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-29v9-2fpx-j5g9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8092
reference_id CVE-2018-8092
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8092
fixed_packages
0
url pkg:composer/mautic/core@2.13.0
purl pkg:composer/mautic/core@2.13.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0
aliases CVE-2018-8092, GHSA-29v9-2fpx-j5g9
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bf9-tpw5-6ybc
5
url VCID-2e51-qg2k-vqhd
vulnerability_id VCID-2e51-qg2k-vqhd
summary
Mautic vulnerable to XSS in contact/company tracking (no authentication)
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47050
reference_id
reference_type
scores
0
value 0.01135
scoring_system epss
scoring_elements 0.78733
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47050
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/0f21a3aa9c896788e1986fae0d7f166fc7a14c30
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/0f21a3aa9c896788e1986fae0d7f166fc7a14c30
3
reference_url https://github.com/mautic/mautic/commit/43db5e492c0ef82c917745849d5b454dbc8ca2c4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/43db5e492c0ef82c917745849d5b454dbc8ca2c4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47050
reference_id CVE-2024-47050
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47050
5
reference_url https://github.com/advisories/GHSA-73gr-32wg-qhh7
reference_id GHSA-73gr-32wg-qhh7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-73gr-32wg-qhh7
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7
reference_id GHSA-73gr-32wg-qhh7
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:41:10Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7
fixed_packages
0
url pkg:composer/mautic/core@4.4.13
purl pkg:composer/mautic/core@4.4.13
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13
1
url pkg:composer/mautic/core@5.1.1
purl pkg:composer/mautic/core@5.1.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1
aliases CVE-2024-47050, GHSA-73gr-32wg-qhh7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2e51-qg2k-vqhd
6
url VCID-3agv-evyh-k3hk
vulnerability_id VCID-3agv-evyh-k3hk
summary
Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
### Impact

Mautic allows you to track open rates by using tracking pixels. 
The tracking information is stored together with extra metadata of the tracking request.

The output isn't sufficiently filtered when showing the metadata of the tracking information, which may lead to a vulnerable situation.

### Patches

Please upgrade to 4.3.0

### Workarounds
None.

### References
* Internally tracked under MST-38

### For more information
If you have any questions or comments about this advisory:
* Email us at [security@mautic.org](mailto:security@mautic.org)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25772
reference_id
reference_type
scores
0
value 0.02993
scoring_system epss
scoring_elements 0.86808
published_at 2026-06-04T12:55:00Z
1
value 0.02993
scoring_system epss
scoring_elements 0.86831
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25772
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/462eb596027fd949efbf9ac5cb2b376805e9d246
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/462eb596027fd949efbf9ac5cb2b376805e9d246
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25772
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25772
5
reference_url https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html
6
reference_url https://github.com/advisories/GHSA-pjpc-87mp-4332
reference_id GHSA-pjpc-87mp-4332
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pjpc-87mp-4332
fixed_packages
0
url pkg:composer/mautic/core@4.3.0
purl pkg:composer/mautic/core@4.3.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.3.0
aliases CVE-2022-25772, GHSA-pjpc-87mp-4332, GMS-2022-1448
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3agv-evyh-k3hk
7
url VCID-3q5j-jj2b-t7de
vulnerability_id VCID-3q5j-jj2b-t7de
summary
Mautic has insufficient authentication in upgrade flow
Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47051
reference_id
reference_type
scores
0
value 0.01106
scoring_system epss
scoring_elements 0.78462
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47051
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca
reference_id
reference_type
scores
url https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca
3
reference_url https://github.com/mautic/mautic/commit/75bc488ce98b9c8ec01114984049fc1c42c0cae5
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/75bc488ce98b9c8ec01114984049fc1c42c0cae5
4
reference_url https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf
reference_id
reference_type
scores
url https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf
5
reference_url https://owasp.org/www-community/attacks/Code_Injection
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/
url https://owasp.org/www-community/attacks/Code_Injection
6
reference_url https://owasp.org/www-community/attacks/Path_Traversal
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/
url https://owasp.org/www-community/attacks/Path_Traversal
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47051
reference_id CVE-2024-47051
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47051
8
reference_url https://github.com/advisories/GHSA-73gx-x7r9-77x2
reference_id GHSA-73gx-x7r9-77x2
reference_type
scores
url https://github.com/advisories/GHSA-73gx-x7r9-77x2
9
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
reference_id GHSA-73gx-x7r9-77x2
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
10
reference_url https://github.com/advisories/GHSA-qf6m-6m4g-rmrc
reference_id GHSA-qf6m-6m4g-rmrc
reference_type
scores
url https://github.com/advisories/GHSA-qf6m-6m4g-rmrc
11
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
reference_id GHSA-qf6m-6m4g-rmrc
reference_type
scores
url https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
fixed_packages
0
url pkg:composer/mautic/core@5.2.3
purl pkg:composer/mautic/core@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yv4-1yes-hkfs
1
vulnerability VCID-a3qv-sg57-gfd4
2
vulnerability VCID-f8d8-kqpm-ekhc
3
vulnerability VCID-fa5a-r46u-nbfm
4
vulnerability VCID-g21m-aehf-wkfw
5
vulnerability VCID-hj6u-3g1s-97bm
6
vulnerability VCID-jxs8-apn6-dbfd
7
vulnerability VCID-qz5x-pz9p-93eu
8
vulnerability VCID-s7r1-3b25-bbe6
9
vulnerability VCID-swy6-81uq-4kcs
10
vulnerability VCID-xsmg-dqq4-kqgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3
aliases CVE-2024-47051, GHSA-73gx-x7r9-77x2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3q5j-jj2b-t7de
8
url VCID-4kqw-y2ds-eue2
vulnerability_id VCID-4kqw-y2ds-eue2
summary
Cross-site Scripting
Mautic contains a Cross-Site Scripting (XSS) vulnerability in the company name field that can result in denial of service and execution of JavaScript code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000506
reference_id
reference_type
scores
0
value 0.00398
scoring_system epss
scoring_elements 0.60946
published_at 2026-06-05T12:55:00Z
1
value 0.00398
scoring_system epss
scoring_elements 0.60898
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000506
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/issues/5222
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/issues/5222
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000506
reference_id CVE-2017-1000506
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000506
fixed_packages
0
url pkg:composer/mautic/core@2.12.0-beta
purl pkg:composer/mautic/core@2.12.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2bf9-tpw5-6ybc
5
vulnerability VCID-2e51-qg2k-vqhd
6
vulnerability VCID-3agv-evyh-k3hk
7
vulnerability VCID-3q5j-jj2b-t7de
8
vulnerability VCID-5dp5-sahm-affj
9
vulnerability VCID-7nmh-nhm6-abhr
10
vulnerability VCID-9kw2-q4ek-jugf
11
vulnerability VCID-9t6r-g255-zbdq
12
vulnerability VCID-9tjy-3czw-37as
13
vulnerability VCID-9upf-7u9p-hkaa
14
vulnerability VCID-bdse-4ypf-abe3
15
vulnerability VCID-ckj2-3ujt-fbhz
16
vulnerability VCID-dh9y-k8zb-zkew
17
vulnerability VCID-e29q-5hg5-cfdq
18
vulnerability VCID-g21m-aehf-wkfw
19
vulnerability VCID-ghuh-z1uh-mbf5
20
vulnerability VCID-gnga-y8vw-1kgm
21
vulnerability VCID-hwrr-6qe1-77gn
22
vulnerability VCID-j624-5zx3-c7c8
23
vulnerability VCID-jxs8-apn6-dbfd
24
vulnerability VCID-mbfx-4u6j-ybfp
25
vulnerability VCID-n3p3-jsyf-wuf5
26
vulnerability VCID-p9jy-6mbb-ukad
27
vulnerability VCID-puaz-79mc-4bc6
28
vulnerability VCID-qhxy-1kmh-wyh2
29
vulnerability VCID-sd7d-573z-n7dk
30
vulnerability VCID-swy6-81uq-4kcs
31
vulnerability VCID-trhp-bjp1-57ey
32
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta
1
url pkg:composer/mautic/core@2.12.0
purl pkg:composer/mautic/core@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2bf9-tpw5-6ybc
5
vulnerability VCID-2e51-qg2k-vqhd
6
vulnerability VCID-3agv-evyh-k3hk
7
vulnerability VCID-3q5j-jj2b-t7de
8
vulnerability VCID-5dp5-sahm-affj
9
vulnerability VCID-7nmh-nhm6-abhr
10
vulnerability VCID-9kw2-q4ek-jugf
11
vulnerability VCID-9t6r-g255-zbdq
12
vulnerability VCID-9tjy-3czw-37as
13
vulnerability VCID-9upf-7u9p-hkaa
14
vulnerability VCID-bdse-4ypf-abe3
15
vulnerability VCID-ckj2-3ujt-fbhz
16
vulnerability VCID-dh9y-k8zb-zkew
17
vulnerability VCID-e29q-5hg5-cfdq
18
vulnerability VCID-g21m-aehf-wkfw
19
vulnerability VCID-ghuh-z1uh-mbf5
20
vulnerability VCID-gnga-y8vw-1kgm
21
vulnerability VCID-hwrr-6qe1-77gn
22
vulnerability VCID-j624-5zx3-c7c8
23
vulnerability VCID-jxs8-apn6-dbfd
24
vulnerability VCID-mbfx-4u6j-ybfp
25
vulnerability VCID-n3p3-jsyf-wuf5
26
vulnerability VCID-p9jy-6mbb-ukad
27
vulnerability VCID-puaz-79mc-4bc6
28
vulnerability VCID-qhxy-1kmh-wyh2
29
vulnerability VCID-sd7d-573z-n7dk
30
vulnerability VCID-swy6-81uq-4kcs
31
vulnerability VCID-trhp-bjp1-57ey
32
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0
2
url pkg:composer/mautic/core@2.14.2
purl pkg:composer/mautic/core@2.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2e51-qg2k-vqhd
5
vulnerability VCID-3agv-evyh-k3hk
6
vulnerability VCID-3q5j-jj2b-t7de
7
vulnerability VCID-5dp5-sahm-affj
8
vulnerability VCID-9kw2-q4ek-jugf
9
vulnerability VCID-9t6r-g255-zbdq
10
vulnerability VCID-9tjy-3czw-37as
11
vulnerability VCID-9upf-7u9p-hkaa
12
vulnerability VCID-bdse-4ypf-abe3
13
vulnerability VCID-ckj2-3ujt-fbhz
14
vulnerability VCID-dh9y-k8zb-zkew
15
vulnerability VCID-e29q-5hg5-cfdq
16
vulnerability VCID-g21m-aehf-wkfw
17
vulnerability VCID-ghuh-z1uh-mbf5
18
vulnerability VCID-gnga-y8vw-1kgm
19
vulnerability VCID-j624-5zx3-c7c8
20
vulnerability VCID-jxs8-apn6-dbfd
21
vulnerability VCID-mbfx-4u6j-ybfp
22
vulnerability VCID-n3p3-jsyf-wuf5
23
vulnerability VCID-p9jy-6mbb-ukad
24
vulnerability VCID-puaz-79mc-4bc6
25
vulnerability VCID-qhxy-1kmh-wyh2
26
vulnerability VCID-sd7d-573z-n7dk
27
vulnerability VCID-swy6-81uq-4kcs
28
vulnerability VCID-trhp-bjp1-57ey
29
vulnerability VCID-whnz-qj59-vkgz
30
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.14.2
aliases CVE-2017-1000506, GHSA-358v-cqjc-2pcq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kqw-y2ds-eue2
9
url VCID-4yn2-rg69-hqcs
vulnerability_id VCID-4yn2-rg69-hqcs
summary
Path Traversal
Any authorized Mautic user could use the Filemanager to download any file from the server that the web user has access to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000490
reference_id
reference_type
scores
0
value 0.00344
scoring_system epss
scoring_elements 0.57213
published_at 2026-06-04T12:55:00Z
1
value 0.00344
scoring_system epss
scoring_elements 0.57265
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000490
1
reference_url https://github.com/mautic/mautic/commit/3b01786433ae15e9a23f1eb9b0d3dfdb065b6241
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/3b01786433ae15e9a23f1eb9b0d3dfdb065b6241
2
reference_url https://github.com/mautic/mautic/releases/tag/2.12.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.12.0
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-qpgw-2c72-4c89
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-qpgw-2c72-4c89
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000490
reference_id CVE-2017-1000490
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000490
fixed_packages
0
url pkg:composer/mautic/core@2.12.0-beta
purl pkg:composer/mautic/core@2.12.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2bf9-tpw5-6ybc
5
vulnerability VCID-2e51-qg2k-vqhd
6
vulnerability VCID-3agv-evyh-k3hk
7
vulnerability VCID-3q5j-jj2b-t7de
8
vulnerability VCID-5dp5-sahm-affj
9
vulnerability VCID-7nmh-nhm6-abhr
10
vulnerability VCID-9kw2-q4ek-jugf
11
vulnerability VCID-9t6r-g255-zbdq
12
vulnerability VCID-9tjy-3czw-37as
13
vulnerability VCID-9upf-7u9p-hkaa
14
vulnerability VCID-bdse-4ypf-abe3
15
vulnerability VCID-ckj2-3ujt-fbhz
16
vulnerability VCID-dh9y-k8zb-zkew
17
vulnerability VCID-e29q-5hg5-cfdq
18
vulnerability VCID-g21m-aehf-wkfw
19
vulnerability VCID-ghuh-z1uh-mbf5
20
vulnerability VCID-gnga-y8vw-1kgm
21
vulnerability VCID-hwrr-6qe1-77gn
22
vulnerability VCID-j624-5zx3-c7c8
23
vulnerability VCID-jxs8-apn6-dbfd
24
vulnerability VCID-mbfx-4u6j-ybfp
25
vulnerability VCID-n3p3-jsyf-wuf5
26
vulnerability VCID-p9jy-6mbb-ukad
27
vulnerability VCID-puaz-79mc-4bc6
28
vulnerability VCID-qhxy-1kmh-wyh2
29
vulnerability VCID-sd7d-573z-n7dk
30
vulnerability VCID-swy6-81uq-4kcs
31
vulnerability VCID-trhp-bjp1-57ey
32
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta
1
url pkg:composer/mautic/core@2.12.0
purl pkg:composer/mautic/core@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2bf9-tpw5-6ybc
5
vulnerability VCID-2e51-qg2k-vqhd
6
vulnerability VCID-3agv-evyh-k3hk
7
vulnerability VCID-3q5j-jj2b-t7de
8
vulnerability VCID-5dp5-sahm-affj
9
vulnerability VCID-7nmh-nhm6-abhr
10
vulnerability VCID-9kw2-q4ek-jugf
11
vulnerability VCID-9t6r-g255-zbdq
12
vulnerability VCID-9tjy-3czw-37as
13
vulnerability VCID-9upf-7u9p-hkaa
14
vulnerability VCID-bdse-4ypf-abe3
15
vulnerability VCID-ckj2-3ujt-fbhz
16
vulnerability VCID-dh9y-k8zb-zkew
17
vulnerability VCID-e29q-5hg5-cfdq
18
vulnerability VCID-g21m-aehf-wkfw
19
vulnerability VCID-ghuh-z1uh-mbf5
20
vulnerability VCID-gnga-y8vw-1kgm
21
vulnerability VCID-hwrr-6qe1-77gn
22
vulnerability VCID-j624-5zx3-c7c8
23
vulnerability VCID-jxs8-apn6-dbfd
24
vulnerability VCID-mbfx-4u6j-ybfp
25
vulnerability VCID-n3p3-jsyf-wuf5
26
vulnerability VCID-p9jy-6mbb-ukad
27
vulnerability VCID-puaz-79mc-4bc6
28
vulnerability VCID-qhxy-1kmh-wyh2
29
vulnerability VCID-sd7d-573z-n7dk
30
vulnerability VCID-swy6-81uq-4kcs
31
vulnerability VCID-trhp-bjp1-57ey
32
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0
aliases CVE-2017-1000490, GHSA-qpgw-2c72-4c89
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4yn2-rg69-hqcs
10
url VCID-5dp5-sahm-affj
vulnerability_id VCID-5dp5-sahm-affj
summary
Mautic: MST-48 Server-Side Request Forgery in Asset section
Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25777
reference_id
reference_type
scores
0
value 0.00188
scoring_system epss
scoring_elements 0.40514
published_at 2026-06-05T12:55:00Z
1
value 0.00188
scoring_system epss
scoring_elements 0.40434
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25777
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/b4b4ab5f0613854152ceb7b5e5228acf50648fd0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/b4b4ab5f0613854152ceb7b5e5228acf50648fd0
3
reference_url https://github.com/mautic/mautic/commit/c54befd9eaaa49e4fc10a0fe22435c09ef2821b2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/c54befd9eaaa49e4fc10a0fe22435c09ef2821b2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25777
reference_id CVE-2022-25777
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25777
5
reference_url https://github.com/advisories/GHSA-mgv8-w49f-822w
reference_id GHSA-mgv8-w49f-822w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mgv8-w49f-822w
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w
reference_id GHSA-mgv8-w49f-822w
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T17:16:39Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w
fixed_packages
0
url pkg:composer/mautic/core@4.4.12
purl pkg:composer/mautic/core@4.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3q5j-jj2b-t7de
4
vulnerability VCID-6yv4-1yes-hkfs
5
vulnerability VCID-9upf-7u9p-hkaa
6
vulnerability VCID-a3qv-sg57-gfd4
7
vulnerability VCID-ckj2-3ujt-fbhz
8
vulnerability VCID-e29q-5hg5-cfdq
9
vulnerability VCID-f8d8-kqpm-ekhc
10
vulnerability VCID-fa5a-r46u-nbfm
11
vulnerability VCID-g21m-aehf-wkfw
12
vulnerability VCID-hj6u-3g1s-97bm
13
vulnerability VCID-jxs8-apn6-dbfd
14
vulnerability VCID-qz5x-pz9p-93eu
15
vulnerability VCID-s7r1-3b25-bbe6
16
vulnerability VCID-sd7d-573z-n7dk
17
vulnerability VCID-swy6-81uq-4kcs
18
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12
1
url pkg:composer/mautic/core@5.0.4
purl pkg:composer/mautic/core@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3q5j-jj2b-t7de
4
vulnerability VCID-6yv4-1yes-hkfs
5
vulnerability VCID-9upf-7u9p-hkaa
6
vulnerability VCID-a3qv-sg57-gfd4
7
vulnerability VCID-ckj2-3ujt-fbhz
8
vulnerability VCID-e29q-5hg5-cfdq
9
vulnerability VCID-f8d8-kqpm-ekhc
10
vulnerability VCID-fa5a-r46u-nbfm
11
vulnerability VCID-g21m-aehf-wkfw
12
vulnerability VCID-hj6u-3g1s-97bm
13
vulnerability VCID-jxs8-apn6-dbfd
14
vulnerability VCID-qz5x-pz9p-93eu
15
vulnerability VCID-s7r1-3b25-bbe6
16
vulnerability VCID-sd7d-573z-n7dk
17
vulnerability VCID-swy6-81uq-4kcs
18
vulnerability VCID-wny3-utyg-pqha
19
vulnerability VCID-xsmg-dqq4-kqgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4
aliases CVE-2022-25777, GHSA-mgv8-w49f-822w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5dp5-sahm-affj
11
url VCID-7nmh-nhm6-abhr
vulnerability_id VCID-7nmh-nhm6-abhr
summary
Information Exposure
An issue was discovered in Mautic. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10189
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53602
published_at 2026-06-04T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53661
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10189
1
reference_url https://github.com/mautic/mautic/releases/tag/2.13.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.13.0
2
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-vfxj-qg93-7wwc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-vfxj-qg93-7wwc
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10189
reference_id CVE-2018-10189
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-10189
fixed_packages
0
url pkg:composer/mautic/core@2.13.0
purl pkg:composer/mautic/core@2.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2e51-qg2k-vqhd
5
vulnerability VCID-3agv-evyh-k3hk
6
vulnerability VCID-3q5j-jj2b-t7de
7
vulnerability VCID-5dp5-sahm-affj
8
vulnerability VCID-9kw2-q4ek-jugf
9
vulnerability VCID-9t6r-g255-zbdq
10
vulnerability VCID-9tjy-3czw-37as
11
vulnerability VCID-9upf-7u9p-hkaa
12
vulnerability VCID-bdse-4ypf-abe3
13
vulnerability VCID-ckj2-3ujt-fbhz
14
vulnerability VCID-dh9y-k8zb-zkew
15
vulnerability VCID-e29q-5hg5-cfdq
16
vulnerability VCID-g21m-aehf-wkfw
17
vulnerability VCID-ghuh-z1uh-mbf5
18
vulnerability VCID-gnga-y8vw-1kgm
19
vulnerability VCID-j624-5zx3-c7c8
20
vulnerability VCID-jxs8-apn6-dbfd
21
vulnerability VCID-mbfx-4u6j-ybfp
22
vulnerability VCID-n3p3-jsyf-wuf5
23
vulnerability VCID-p9jy-6mbb-ukad
24
vulnerability VCID-puaz-79mc-4bc6
25
vulnerability VCID-qhxy-1kmh-wyh2
26
vulnerability VCID-sd7d-573z-n7dk
27
vulnerability VCID-swy6-81uq-4kcs
28
vulnerability VCID-trhp-bjp1-57ey
29
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0
aliases CVE-2018-10189, GHSA-vfxj-qg93-7wwc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nmh-nhm6-abhr
12
url VCID-8uef-cxb8-sfcu
vulnerability_id VCID-8uef-cxb8-sfcu
summary
Cross-site Scripting
Mautic is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000488
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47497
published_at 2026-06-05T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47432
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000488
1
reference_url https://github.com/mautic/mautic/commit/bda60c0eefbd19c759589e975e63ab1d201c1b8e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/bda60c0eefbd19c759589e975e63ab1d201c1b8e
2
reference_url https://github.com/mautic/mautic/releases/tag/2.12.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.12.0
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-qjhr-c23f-w76q
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-qjhr-c23f-w76q
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000488
reference_id CVE-2017-1000488
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000488
fixed_packages
0
url pkg:composer/mautic/core@2.12.0-beta
purl pkg:composer/mautic/core@2.12.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2bf9-tpw5-6ybc
5
vulnerability VCID-2e51-qg2k-vqhd
6
vulnerability VCID-3agv-evyh-k3hk
7
vulnerability VCID-3q5j-jj2b-t7de
8
vulnerability VCID-5dp5-sahm-affj
9
vulnerability VCID-7nmh-nhm6-abhr
10
vulnerability VCID-9kw2-q4ek-jugf
11
vulnerability VCID-9t6r-g255-zbdq
12
vulnerability VCID-9tjy-3czw-37as
13
vulnerability VCID-9upf-7u9p-hkaa
14
vulnerability VCID-bdse-4ypf-abe3
15
vulnerability VCID-ckj2-3ujt-fbhz
16
vulnerability VCID-dh9y-k8zb-zkew
17
vulnerability VCID-e29q-5hg5-cfdq
18
vulnerability VCID-g21m-aehf-wkfw
19
vulnerability VCID-ghuh-z1uh-mbf5
20
vulnerability VCID-gnga-y8vw-1kgm
21
vulnerability VCID-hwrr-6qe1-77gn
22
vulnerability VCID-j624-5zx3-c7c8
23
vulnerability VCID-jxs8-apn6-dbfd
24
vulnerability VCID-mbfx-4u6j-ybfp
25
vulnerability VCID-n3p3-jsyf-wuf5
26
vulnerability VCID-p9jy-6mbb-ukad
27
vulnerability VCID-puaz-79mc-4bc6
28
vulnerability VCID-qhxy-1kmh-wyh2
29
vulnerability VCID-sd7d-573z-n7dk
30
vulnerability VCID-swy6-81uq-4kcs
31
vulnerability VCID-trhp-bjp1-57ey
32
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta
1
url pkg:composer/mautic/core@2.12.0
purl pkg:composer/mautic/core@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2bf9-tpw5-6ybc
5
vulnerability VCID-2e51-qg2k-vqhd
6
vulnerability VCID-3agv-evyh-k3hk
7
vulnerability VCID-3q5j-jj2b-t7de
8
vulnerability VCID-5dp5-sahm-affj
9
vulnerability VCID-7nmh-nhm6-abhr
10
vulnerability VCID-9kw2-q4ek-jugf
11
vulnerability VCID-9t6r-g255-zbdq
12
vulnerability VCID-9tjy-3czw-37as
13
vulnerability VCID-9upf-7u9p-hkaa
14
vulnerability VCID-bdse-4ypf-abe3
15
vulnerability VCID-ckj2-3ujt-fbhz
16
vulnerability VCID-dh9y-k8zb-zkew
17
vulnerability VCID-e29q-5hg5-cfdq
18
vulnerability VCID-g21m-aehf-wkfw
19
vulnerability VCID-ghuh-z1uh-mbf5
20
vulnerability VCID-gnga-y8vw-1kgm
21
vulnerability VCID-hwrr-6qe1-77gn
22
vulnerability VCID-j624-5zx3-c7c8
23
vulnerability VCID-jxs8-apn6-dbfd
24
vulnerability VCID-mbfx-4u6j-ybfp
25
vulnerability VCID-n3p3-jsyf-wuf5
26
vulnerability VCID-p9jy-6mbb-ukad
27
vulnerability VCID-puaz-79mc-4bc6
28
vulnerability VCID-qhxy-1kmh-wyh2
29
vulnerability VCID-sd7d-573z-n7dk
30
vulnerability VCID-swy6-81uq-4kcs
31
vulnerability VCID-trhp-bjp1-57ey
32
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0
aliases CVE-2017-1000488, GHSA-qjhr-c23f-w76q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8uef-cxb8-sfcu
13
url VCID-9kw2-q4ek-jugf
vulnerability_id VCID-9kw2-q4ek-jugf
summary
Mautic vulnerable to stored cross-site scripting in description field
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged-in user of Mautic with the appropriate permissions.

This could lead to the user having elevated access to the system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27915
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41069
published_at 2026-06-05T12:55:00Z
1
value 0.00193
scoring_system epss
scoring_elements 0.40993
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27915
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/2d648394e183b1d2d910cea32e89d40a5915b5d4
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/2d648394e183b1d2d910cea32e89d40a5915b5d4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27915
reference_id CVE-2021-27915
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27915
4
reference_url https://github.com/advisories/GHSA-2rc5-2755-v422
reference_id GHSA-2rc5-2755-v422
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rc5-2755-v422
5
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422
reference_id GHSA-2rc5-2755-v422
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T15:59:08Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422
fixed_packages
0
url pkg:composer/mautic/core@4.4.12
purl pkg:composer/mautic/core@4.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3q5j-jj2b-t7de
4
vulnerability VCID-6yv4-1yes-hkfs
5
vulnerability VCID-9upf-7u9p-hkaa
6
vulnerability VCID-a3qv-sg57-gfd4
7
vulnerability VCID-ckj2-3ujt-fbhz
8
vulnerability VCID-e29q-5hg5-cfdq
9
vulnerability VCID-f8d8-kqpm-ekhc
10
vulnerability VCID-fa5a-r46u-nbfm
11
vulnerability VCID-g21m-aehf-wkfw
12
vulnerability VCID-hj6u-3g1s-97bm
13
vulnerability VCID-jxs8-apn6-dbfd
14
vulnerability VCID-qz5x-pz9p-93eu
15
vulnerability VCID-s7r1-3b25-bbe6
16
vulnerability VCID-sd7d-573z-n7dk
17
vulnerability VCID-swy6-81uq-4kcs
18
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12
1
url pkg:composer/mautic/core@5.0.0-alpha
purl pkg:composer/mautic/core@5.0.0-alpha
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3q5j-jj2b-t7de
4
vulnerability VCID-5dp5-sahm-affj
5
vulnerability VCID-6yv4-1yes-hkfs
6
vulnerability VCID-8h2f-f8zx-wbfn
7
vulnerability VCID-9upf-7u9p-hkaa
8
vulnerability VCID-bdse-4ypf-abe3
9
vulnerability VCID-ckj2-3ujt-fbhz
10
vulnerability VCID-e29q-5hg5-cfdq
11
vulnerability VCID-f8d8-kqpm-ekhc
12
vulnerability VCID-fa5a-r46u-nbfm
13
vulnerability VCID-g21m-aehf-wkfw
14
vulnerability VCID-hj6u-3g1s-97bm
15
vulnerability VCID-jxs8-apn6-dbfd
16
vulnerability VCID-qz5x-pz9p-93eu
17
vulnerability VCID-s7r1-3b25-bbe6
18
vulnerability VCID-swy6-81uq-4kcs
19
vulnerability VCID-whnz-qj59-vkgz
20
vulnerability VCID-wny3-utyg-pqha
21
vulnerability VCID-xsmg-dqq4-kqgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.0-alpha
aliases CVE-2021-27915, GHSA-2rc5-2755-v422
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kw2-q4ek-jugf
14
url VCID-9t6r-g255-zbdq
vulnerability_id VCID-9t6r-g255-zbdq
summary
Cross-site Scripting
Mautic is vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27912
reference_id
reference_type
scores
0
value 0.0069
scoring_system epss
scoring_elements 0.72176
published_at 2026-06-04T12:55:00Z
1
value 0.0069
scoring_system epss
scoring_elements 0.72217
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27912
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27912.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27912.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27912
reference_id CVE-2021-27912
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27912
fixed_packages
0
url pkg:composer/mautic/core@3.3.4
purl pkg:composer/mautic/core@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3agv-evyh-k3hk
4
vulnerability VCID-3q5j-jj2b-t7de
5
vulnerability VCID-5dp5-sahm-affj
6
vulnerability VCID-8h2f-f8zx-wbfn
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9upf-7u9p-hkaa
9
vulnerability VCID-bdse-4ypf-abe3
10
vulnerability VCID-ckj2-3ujt-fbhz
11
vulnerability VCID-e29q-5hg5-cfdq
12
vulnerability VCID-g21m-aehf-wkfw
13
vulnerability VCID-jxs8-apn6-dbfd
14
vulnerability VCID-n3p3-jsyf-wuf5
15
vulnerability VCID-puaz-79mc-4bc6
16
vulnerability VCID-qhxy-1kmh-wyh2
17
vulnerability VCID-sd7d-573z-n7dk
18
vulnerability VCID-swy6-81uq-4kcs
19
vulnerability VCID-whnz-qj59-vkgz
20
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4
1
url pkg:composer/mautic/core@4.0.0-alpha1
purl pkg:composer/mautic/core@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1x5b-am33-mkh4
3
vulnerability VCID-2e51-qg2k-vqhd
4
vulnerability VCID-3agv-evyh-k3hk
5
vulnerability VCID-3q5j-jj2b-t7de
6
vulnerability VCID-5dp5-sahm-affj
7
vulnerability VCID-8h2f-f8zx-wbfn
8
vulnerability VCID-9kw2-q4ek-jugf
9
vulnerability VCID-9upf-7u9p-hkaa
10
vulnerability VCID-bdse-4ypf-abe3
11
vulnerability VCID-ckj2-3ujt-fbhz
12
vulnerability VCID-e29q-5hg5-cfdq
13
vulnerability VCID-g21m-aehf-wkfw
14
vulnerability VCID-gnga-y8vw-1kgm
15
vulnerability VCID-jxs8-apn6-dbfd
16
vulnerability VCID-n3p3-jsyf-wuf5
17
vulnerability VCID-puaz-79mc-4bc6
18
vulnerability VCID-sd7d-573z-n7dk
19
vulnerability VCID-swy6-81uq-4kcs
20
vulnerability VCID-trhp-bjp1-57ey
21
vulnerability VCID-whnz-qj59-vkgz
22
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0-alpha1
2
url pkg:composer/mautic/core@4.0.0
purl pkg:composer/mautic/core@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3agv-evyh-k3hk
4
vulnerability VCID-3q5j-jj2b-t7de
5
vulnerability VCID-5dp5-sahm-affj
6
vulnerability VCID-8h2f-f8zx-wbfn
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9t6r-g255-zbdq
9
vulnerability VCID-9upf-7u9p-hkaa
10
vulnerability VCID-a3qv-sg57-gfd4
11
vulnerability VCID-bdse-4ypf-abe3
12
vulnerability VCID-ckj2-3ujt-fbhz
13
vulnerability VCID-e29q-5hg5-cfdq
14
vulnerability VCID-g21m-aehf-wkfw
15
vulnerability VCID-hj6u-3g1s-97bm
16
vulnerability VCID-jxs8-apn6-dbfd
17
vulnerability VCID-mbfx-4u6j-ybfp
18
vulnerability VCID-n3p3-jsyf-wuf5
19
vulnerability VCID-puaz-79mc-4bc6
20
vulnerability VCID-qhxy-1kmh-wyh2
21
vulnerability VCID-sd7d-573z-n7dk
22
vulnerability VCID-swy6-81uq-4kcs
23
vulnerability VCID-whnz-qj59-vkgz
24
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0
aliases CVE-2021-27912, GHSA-rh5w-82wh-jhr8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9t6r-g255-zbdq
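The fixed_packages lists on this page are plain Package URLs, and the versions in them mix stable releases with Composer pre-releases such as 4.0.0-alpha1 and 5.0.0-alpha, which a naive string or tuple comparison orders wrongly. The helper below is an added example, not part of the VulnerableCode output or of Mautic: it parses the purl subset this page uses (pkg:type/namespace/name@version), orders versions the way Composer does, and finds the smallest fixed release at or above a queried version, either on the same major branch or across branches. The queried purls are taken from versions that appear in the records above.

```python
"""Package URL parsing and Composer-style version ordering.

Added example (not part of the VulnerableCode output or of Mautic): given
a queried purl and one vulnerability's fixed_packages list, find the
smallest fixed release at or above the queried version, on the same major
branch or across branches. The purl subset parsed is the one this page
uses (pkg:type/namespace/name@version)."""
import re
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple
from urllib.parse import unquote


@dataclass(frozen=True)
class Purl:
    type: str
    namespace: Optional[str]
    name: str
    version: Optional[str]


def parse_purl(purl: str) -> Purl:
    """Parse pkg:type[/namespace]/name[@version]; qualifiers ('?') and a
    subpath ('#') are rejected rather than silently dropped."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl!r}")
    rest = purl[len("pkg:"):].lstrip("/")
    if "?" in rest or "#" in rest:
        raise ValueError("qualifiers and subpath are not handled by this example")
    path, _, version = rest.partition("@")
    segments = [unquote(s) for s in path.split("/") if s]
    if len(segments) < 2:
        raise ValueError(f"purl needs a type and a name: {purl!r}")
    ptype, *namespace, name = segments
    return Purl(ptype.lower(), "/".join(namespace) or None, name, unquote(version) or None)


# Composer stability order: dev < alpha < beta < RC < stable < patch.
STAGE_RANK = {"dev": 0, "alpha": 1, "a": 1, "beta": 2, "b": 2, "rc": 3,
              "stable": 4, "patch": 5, "p": 5}


def version_key(version: str) -> Tuple[Tuple[int, ...], int, int]:
    """Sort key for versions shaped X.Y.Z[-stage[N]] as Composer orders
    them: numbers padded to four places, stable above any pre-release of
    the same number, pre-releases ordered by stage and then by number."""
    core, _, pre = version.lstrip("vV").partition("-")
    numbers = [int(p) for p in core.split(".")]
    numbers += [0] * (4 - len(numbers))
    if not pre:
        return tuple(numbers), STAGE_RANK["stable"], 0
    m = re.fullmatch(r"([A-Za-z]+)[.-]?(\d*)", pre)
    if not m or m.group(1).lower() not in STAGE_RANK:
        raise ValueError(f"unrecognised pre-release suffix in {version!r}")
    return tuple(numbers), STAGE_RANK[m.group(1).lower()], int(m.group(2) or 0)


def earliest_fix(queried: str, fixed: Iterable[str],
                 same_major_only: bool = True) -> Optional[str]:
    """Smallest fixed version >= the queried version, or None. Raises if a
    fixed purl names a different package than the queried one."""
    q = parse_purl(queried)
    if q.version is None:
        raise ValueError("queried purl has no version")
    qkey = version_key(q.version)
    candidates = []
    for p in map(parse_purl, fixed):
        if (p.type, p.namespace, p.name) != (q.type, q.namespace, q.name):
            raise ValueError(f"{p.name!r} is not the queried package {q.name!r}")
        key = version_key(p.version)
        if key < qkey:
            continue
        if same_major_only and key[0][0] != qkey[0][0]:
            continue
        candidates.append(p.version)
    return min(candidates, key=version_key, default=None)


# fixed_packages of VCID-9t6r-g255-zbdq (CVE-2021-27912) as listed above.
FIXED_9T6R = [
    "pkg:composer/mautic/core@3.3.4",
    "pkg:composer/mautic/core@4.0.0-alpha1",
    "pkg:composer/mautic/core@4.0.0",
]
# 2.16.5 is listed above as affected by VCID-9t6r-g255-zbdq.
QUERIED = "pkg:composer/mautic/core@2.16.5"

if __name__ == "__main__":
    versions = [parse_purl(p).version for p in FIXED_9T6R] + ["5.0.0-alpha"]
    print("composer order:", sorted(versions, key=version_key))
    print("same major:", earliest_fix(QUERIED, FIXED_9T6R))
    print("any major: ", earliest_fix(QUERIED, FIXED_9T6R, same_major_only=False))
```

Two caveats apply when reading the output against this page. A fixed_packages list says which releases carry the fix for one advisory, not what range is affected, so "no fix on my branch" means an upgrade across a major is needed, not that the branch is clean. And the release it points to is an answer for that one advisory only: the page marks 3.3.4 itself is_vulnerable true, with its own list of other VCIDs, so the real upgrade target is the first release clear of every advisory, not the earliest fix for the one being looked at.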
15
url VCID-9tjy-3czw-37as
vulnerability_id VCID-9tjy-3czw-37as
summary
Cross-site Scripting
A cross-site scripting (XSS) vulnerability in the assets component of Mautic allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35124
reference_id
reference_type
scores
0
value 0.01142
scoring_system epss
scoring_elements 0.7877
published_at 2026-06-04T12:55:00Z
1
value 0.01142
scoring_system epss
scoring_elements 0.78796
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35124
1
reference_url https://forum.mautic.org/c/announcements/16
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.mautic.org/c/announcements/16
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35124.yaml
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35124.yaml
3
reference_url https://github.com/mautic/mautic/commit/20c5dc39b62164f6922ce53ea42cbb4ccec64e57
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/20c5dc39b62164f6922ce53ea42cbb4ccec64e57
4
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m
5
reference_url https://packagist.org/packages/mautic/core
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/mautic/core
6
reference_url https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce
7
reference_url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35124
reference_id CVE-2020-35124
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35124
fixed_packages
0
url pkg:composer/mautic/core@2.16.5
purl pkg:composer/mautic/core@2.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2e51-qg2k-vqhd
5
vulnerability VCID-3agv-evyh-k3hk
6
vulnerability VCID-3q5j-jj2b-t7de
7
vulnerability VCID-5dp5-sahm-affj
8
vulnerability VCID-9kw2-q4ek-jugf
9
vulnerability VCID-9t6r-g255-zbdq
10
vulnerability VCID-9tjy-3czw-37as
11
vulnerability VCID-9upf-7u9p-hkaa
12
vulnerability VCID-bdse-4ypf-abe3
13
vulnerability VCID-ckj2-3ujt-fbhz
14
vulnerability VCID-e29q-5hg5-cfdq
15
vulnerability VCID-g21m-aehf-wkfw
16
vulnerability VCID-ghuh-z1uh-mbf5
17
vulnerability VCID-gnga-y8vw-1kgm
18
vulnerability VCID-jxs8-apn6-dbfd
19
vulnerability VCID-mbfx-4u6j-ybfp
20
vulnerability VCID-n3p3-jsyf-wuf5
21
vulnerability VCID-puaz-79mc-4bc6
22
vulnerability VCID-qhxy-1kmh-wyh2
23
vulnerability VCID-sd7d-573z-n7dk
24
vulnerability VCID-swy6-81uq-4kcs
25
vulnerability VCID-trhp-bjp1-57ey
26
vulnerability VCID-whnz-qj59-vkgz
27
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5
1
url pkg:composer/mautic/core@3.2.4
purl pkg:composer/mautic/core@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1x5b-am33-mkh4
3
vulnerability VCID-2e51-qg2k-vqhd
4
vulnerability VCID-3agv-evyh-k3hk
5
vulnerability VCID-3q5j-jj2b-t7de
6
vulnerability VCID-5dp5-sahm-affj
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9t6r-g255-zbdq
9
vulnerability VCID-9upf-7u9p-hkaa
10
vulnerability VCID-bdse-4ypf-abe3
11
vulnerability VCID-ckj2-3ujt-fbhz
12
vulnerability VCID-e29q-5hg5-cfdq
13
vulnerability VCID-g21m-aehf-wkfw
14
vulnerability VCID-ghuh-z1uh-mbf5
15
vulnerability VCID-gnga-y8vw-1kgm
16
vulnerability VCID-jxs8-apn6-dbfd
17
vulnerability VCID-mbfx-4u6j-ybfp
18
vulnerability VCID-n3p3-jsyf-wuf5
19
vulnerability VCID-puaz-79mc-4bc6
20
vulnerability VCID-qhxy-1kmh-wyh2
21
vulnerability VCID-sd7d-573z-n7dk
22
vulnerability VCID-swy6-81uq-4kcs
23
vulnerability VCID-trhp-bjp1-57ey
24
vulnerability VCID-whnz-qj59-vkgz
25
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4
aliases CVE-2020-35124, GHSA-39wj-j3jc-858m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9tjy-3czw-37as
16
url VCID-9upf-7u9p-hkaa
vulnerability_id VCID-9upf-7u9p-hkaa
summary
Mautic allows Relative Path Traversal in assets file upload
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.

* **Improper Limitation of a Pathname to a Restricted Directory:** A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25773
reference_id
reference_type
scores
0
value 0.00147
scoring_system epss
scoring_elements 0.34878
published_at 2026-06-05T12:55:00Z
1
value 0.00147
scoring_system epss
scoring_elements 0.34782
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25773
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/e6aaad99f399c5df1ce6273609920098e5c2564a
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/e6aaad99f399c5df1ce6273609920098e5c2564a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25773
reference_id CVE-2022-25773
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25773
4
reference_url https://github.com/advisories/GHSA-4w2w-36vm-c8hf
reference_id GHSA-4w2w-36vm-c8hf
reference_type
scores
url https://github.com/advisories/GHSA-4w2w-36vm-c8hf
5
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf
reference_id GHSA-4w2w-36vm-c8hf
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:54:09Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf
fixed_packages
0
url pkg:composer/mautic/core@5.2.3
purl pkg:composer/mautic/core@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yv4-1yes-hkfs
1
vulnerability VCID-a3qv-sg57-gfd4
2
vulnerability VCID-f8d8-kqpm-ekhc
3
vulnerability VCID-fa5a-r46u-nbfm
4
vulnerability VCID-g21m-aehf-wkfw
5
vulnerability VCID-hj6u-3g1s-97bm
6
vulnerability VCID-jxs8-apn6-dbfd
7
vulnerability VCID-qz5x-pz9p-93eu
8
vulnerability VCID-s7r1-3b25-bbe6
9
vulnerability VCID-swy6-81uq-4kcs
10
vulnerability VCID-xsmg-dqq4-kqgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3
aliases CVE-2022-25773, GHSA-4w2w-36vm-c8hf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9upf-7u9p-hkaa
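The advisory above describes uploads landing outside the intended temporary directory. The snippet below is an added example, not part of the VulnerableCode output or of Mautic (whose fix is PHP): the confinement check shown as two independent layers, a syntactic one on the client-supplied name and a containment check on the resolved path, so that anything slipping past the first is still caught by the second. The sample names are constructed.

```python
"""Confining an uploaded file to one directory.

Added example (not part of the VulnerableCode output or of Mautic, whose
fix is PHP): the control whose absence the advisory above describes, shown
as two independent layers so that a bypass of the first one is still
caught by the second."""
import tempfile
from pathlib import Path
from typing import Dict, Iterable, Optional


def safe_upload_path(upload_dir: str, client_filename: str) -> Path:
    """Return the path where an upload called client_filename may be
    written, or raise ValueError if it would land outside upload_dir."""
    base = Path(upload_dir).resolve(strict=True)
    # Layer 1: the client-supplied name must be a single path component.
    # '/' and '\' are both rejected because Windows-style separators are
    # honoured by some filesystems and by PHP on Windows.
    if (not client_filename
            or "\x00" in client_filename
            or "/" in client_filename
            or "\\" in client_filename
            or client_filename in (".", "..")):
        raise ValueError(f"invalid upload name {client_filename!r}")
    # Layer 2: resolve and check containment. This also rejects a
    # pre-existing symlink of that name pointing out of the directory.
    candidate = (base / client_filename).resolve()
    if candidate.parent != base:
        raise ValueError(f"{client_filename!r} escapes {upload_dir}")
    return candidate


# Constructed client-supplied names, including the traversal shapes the
# first layer is meant to stop and one odd-but-legal name ('...').
SAMPLE_NAMES = (
    "report.pdf",
    "../../config/local.php",
    "..\\..\\config\\local.php",
    "subdir/notes.txt",
    "..",
    "...",
)


def demo(names: Iterable[str] = SAMPLE_NAMES) -> Dict[str, Optional[str]]:
    """Run the check inside a throwaway directory; the result maps each
    name to the accepted file name, or None when it was rejected."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            try:
                results[name] = safe_upload_path(tmp, name).name
            except ValueError:
                results[name] = None
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name!r:32} -> {accepted!r}")
```

The containment check is done against the resolved directory, not the configured string, so a symlinked upload directory compares equal to itself and a planted symlink inside it is rejected. Rejecting separators outright (rather than stripping them to a basename) keeps a traversal attempt visible in logs instead of silently turning it into a differently named file.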
17
url VCID-bdse-4ypf-abe3
vulnerability_id VCID-bdse-4ypf-abe3
summary
Mautic Sensitive Data Exposure due to inadequate user permission settings
Prior to the patched version, logged-in users of Mautic are able to access areas of the application that they should be prevented from accessing.

Users could potentially access sensitive data such as names and surnames, company names and stage names.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25776
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18363
published_at 2026-06-05T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18286
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25776
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/22bdd0796ca6e1e985708b89ad5c07147630fecd
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/22bdd0796ca6e1e985708b89ad5c07147630fecd
3
reference_url https://github.com/mautic/mautic/commit/2cc4af975fe01c264d439acc1451c936e7114644
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/2cc4af975fe01c264d439acc1451c936e7114644
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25776
reference_id CVE-2022-25776
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25776
5
reference_url https://github.com/advisories/GHSA-qjx3-2g35-6hv8
reference_id GHSA-qjx3-2g35-6hv8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qjx3-2g35-6hv8
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8
reference_id GHSA-qjx3-2g35-6hv8
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T15:58:56Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8
fixed_packages
0
url pkg:composer/mautic/core@4.4.12
purl pkg:composer/mautic/core@4.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3q5j-jj2b-t7de
4
vulnerability VCID-6yv4-1yes-hkfs
5
vulnerability VCID-9upf-7u9p-hkaa
6
vulnerability VCID-a3qv-sg57-gfd4
7
vulnerability VCID-ckj2-3ujt-fbhz
8
vulnerability VCID-e29q-5hg5-cfdq
9
vulnerability VCID-f8d8-kqpm-ekhc
10
vulnerability VCID-fa5a-r46u-nbfm
11
vulnerability VCID-g21m-aehf-wkfw
12
vulnerability VCID-hj6u-3g1s-97bm
13
vulnerability VCID-jxs8-apn6-dbfd
14
vulnerability VCID-qz5x-pz9p-93eu
15
vulnerability VCID-s7r1-3b25-bbe6
16
vulnerability VCID-sd7d-573z-n7dk
17
vulnerability VCID-swy6-81uq-4kcs
18
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12
1
url pkg:composer/mautic/core@5.0.4
purl pkg:composer/mautic/core@5.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3q5j-jj2b-t7de
4
vulnerability VCID-6yv4-1yes-hkfs
5
vulnerability VCID-9upf-7u9p-hkaa
6
vulnerability VCID-a3qv-sg57-gfd4
7
vulnerability VCID-ckj2-3ujt-fbhz
8
vulnerability VCID-e29q-5hg5-cfdq
9
vulnerability VCID-f8d8-kqpm-ekhc
10
vulnerability VCID-fa5a-r46u-nbfm
11
vulnerability VCID-g21m-aehf-wkfw
12
vulnerability VCID-hj6u-3g1s-97bm
13
vulnerability VCID-jxs8-apn6-dbfd
14
vulnerability VCID-qz5x-pz9p-93eu
15
vulnerability VCID-s7r1-3b25-bbe6
16
vulnerability VCID-sd7d-573z-n7dk
17
vulnerability VCID-swy6-81uq-4kcs
18
vulnerability VCID-wny3-utyg-pqha
19
vulnerability VCID-xsmg-dqq4-kqgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4
aliases CVE-2022-25776, GHSA-qjx3-2g35-6hv8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bdse-4ypf-abe3
18
url VCID-ckj2-3ujt-fbhz
vulnerability_id VCID-ckj2-3ujt-fbhz
summary
Mautic allows Improper Authorization in Reporting API
This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.

* **Improper Authorization:** An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the "Reporting Permissions > View Own" and "Reporting Permissions > View Others" permissions, which should restrict access to non-System Reports.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47053
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39631
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47053
1
reference_url https://cwe.mitre.org/data/definitions/287.html
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/
url https://cwe.mitre.org/data/definitions/287.html
2
reference_url https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/
url https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings
3
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
4
reference_url https://github.com/mautic/mautic/commit/9d7ee57c92502ef77cddb091011c5ffef14b11ee
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/9d7ee57c92502ef77cddb091011c5ffef14b11ee
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47053
reference_id CVE-2024-47053
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47053
6
reference_url https://github.com/advisories/GHSA-8xv7-g2q3-fqgc
reference_id GHSA-8xv7-g2q3-fqgc
reference_type
scores
url https://github.com/advisories/GHSA-8xv7-g2q3-fqgc
7
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc
reference_id GHSA-8xv7-g2q3-fqgc
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc
fixed_packages
0
url pkg:composer/mautic/core@5.2.3
purl pkg:composer/mautic/core@5.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6yv4-1yes-hkfs
1
vulnerability VCID-a3qv-sg57-gfd4
2
vulnerability VCID-f8d8-kqpm-ekhc
3
vulnerability VCID-fa5a-r46u-nbfm
4
vulnerability VCID-g21m-aehf-wkfw
5
vulnerability VCID-hj6u-3g1s-97bm
6
vulnerability VCID-jxs8-apn6-dbfd
7
vulnerability VCID-qz5x-pz9p-93eu
8
vulnerability VCID-s7r1-3b25-bbe6
9
vulnerability VCID-swy6-81uq-4kcs
10
vulnerability VCID-xsmg-dqq4-kqgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3
aliases CVE-2024-47053, GHSA-8xv7-g2q3-fqgc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckj2-3ujt-fbhz
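The flaw above is the classic gap between authentication and authorization: a valid API credential was enough to read every report. The code below is an added example, not part of the VulnerableCode output or of Mautic; it shows the per-object check applied to both a list and a detail endpoint. The permission model (view_own, view_others, system reports readable by any authenticated user) is inferred from the advisory text and is an assumption, not Mautic's actual permission code, and the users and reports are constructed.

```python
"""Object-level authorization in front of a report API.

Added example (not part of the VulnerableCode output or of Mautic): the
check the advisory above says was missing, applied to both the list and
the detail endpoint. The permission model (view_own, view_others, system
reports readable by any authenticated user) is inferred from the advisory
text and is an assumption, not Mautic's actual permission code."""
from dataclasses import dataclass
from typing import FrozenSet, List


@dataclass(frozen=True)
class User:
    id: int
    permissions: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Report:
    id: int
    owner_id: int
    is_system: bool = False


def can_view(user: User, report: Report) -> bool:
    """Authorization decision for one (caller, object) pair. Being
    authenticated is a precondition for reaching this point, never a
    reason to return True."""
    if report.is_system:
        return True  # assumption: system reports are not permission-gated
    if "report:view_others" in user.permissions:
        return True
    return "report:view_own" in user.permissions and report.owner_id == user.id


def list_reports(user: User, reports: List[Report]) -> List[int]:
    """List endpoint: filter per object instead of returning the whole
    table to any authenticated caller."""
    return [r.id for r in reports if can_view(user, r)]


def get_report(user: User, reports: List[Report], report_id: int) -> Report:
    """Detail endpoint: the same decision as the list, so an id learned
    elsewhere cannot bypass the listing filter."""
    for r in reports:
        if r.id == report_id:
            if not can_view(user, r):
                raise PermissionError(f"user {user.id} may not view report {report_id}")
            return r
    raise LookupError(f"no report {report_id}")


# Constructed data: two owners, one system report, three callers with
# different permission sets.
REPORTS = [
    Report(1, owner_id=10),
    Report(2, owner_id=20),
    Report(3, owner_id=20, is_system=True),
]
OWNER = User(10, frozenset({"report:view_own"}))
NO_REPORT_PERMS = User(20, frozenset())  # authenticated, owns report 2, no report permission
AUDITOR = User(30, frozenset({"report:view_others"}))


if __name__ == "__main__":
    for caller in (OWNER, NO_REPORT_PERMS, AUDITOR):
        print(caller.id, list_reports(caller, REPORTS))
```

The user with no report permission owns report 2 and still does not see it: in this model "View Own" is a grant, not an implied default for owners. Making the list and detail endpoints share one decision function is what stops the usual bypass of filtering the listing while leaving the by-id endpoint open.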
19
url VCID-dh9y-k8zb-zkew
vulnerability_id VCID-dh9y-k8zb-zkew
summary
Cross-site Scripting
A cross-site scripting (XSS) vulnerability in the forms component of Mautic allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35125
reference_id
reference_type
scores
0
value 0.01246
scoring_system epss
scoring_elements 0.79631
published_at 2026-06-04T12:55:00Z
1
value 0.01246
scoring_system epss
scoring_elements 0.79658
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35125
1
reference_url https://forum.mautic.org/c/announcements/16
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.mautic.org/c/announcements/16
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35125.yaml
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35125.yaml
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m
4
reference_url https://packagist.org/packages/mautic/core
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/mautic/core
5
reference_url https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce
6
reference_url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35125
reference_id CVE-2020-35125
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35125
8
reference_url https://github.com/advisories/GHSA-42q7-95j7-w62m
reference_id GHSA-42q7-95j7-w62m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-42q7-95j7-w62m
fixed_packages
0
url pkg:composer/mautic/core@2.16.5
purl pkg:composer/mautic/core@2.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2e51-qg2k-vqhd
5
vulnerability VCID-3agv-evyh-k3hk
6
vulnerability VCID-3q5j-jj2b-t7de
7
vulnerability VCID-5dp5-sahm-affj
8
vulnerability VCID-9kw2-q4ek-jugf
9
vulnerability VCID-9t6r-g255-zbdq
10
vulnerability VCID-9tjy-3czw-37as
11
vulnerability VCID-9upf-7u9p-hkaa
12
vulnerability VCID-bdse-4ypf-abe3
13
vulnerability VCID-ckj2-3ujt-fbhz
14
vulnerability VCID-e29q-5hg5-cfdq
15
vulnerability VCID-g21m-aehf-wkfw
16
vulnerability VCID-ghuh-z1uh-mbf5
17
vulnerability VCID-gnga-y8vw-1kgm
18
vulnerability VCID-jxs8-apn6-dbfd
19
vulnerability VCID-mbfx-4u6j-ybfp
20
vulnerability VCID-n3p3-jsyf-wuf5
21
vulnerability VCID-puaz-79mc-4bc6
22
vulnerability VCID-qhxy-1kmh-wyh2
23
vulnerability VCID-sd7d-573z-n7dk
24
vulnerability VCID-swy6-81uq-4kcs
25
vulnerability VCID-trhp-bjp1-57ey
26
vulnerability VCID-whnz-qj59-vkgz
27
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5
1
url pkg:composer/mautic/core@3.2.4
purl pkg:composer/mautic/core@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1x5b-am33-mkh4
3
vulnerability VCID-2e51-qg2k-vqhd
4
vulnerability VCID-3agv-evyh-k3hk
5
vulnerability VCID-3q5j-jj2b-t7de
6
vulnerability VCID-5dp5-sahm-affj
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9t6r-g255-zbdq
9
vulnerability VCID-9upf-7u9p-hkaa
10
vulnerability VCID-bdse-4ypf-abe3
11
vulnerability VCID-ckj2-3ujt-fbhz
12
vulnerability VCID-e29q-5hg5-cfdq
13
vulnerability VCID-g21m-aehf-wkfw
14
vulnerability VCID-ghuh-z1uh-mbf5
15
vulnerability VCID-gnga-y8vw-1kgm
16
vulnerability VCID-jxs8-apn6-dbfd
17
vulnerability VCID-mbfx-4u6j-ybfp
18
vulnerability VCID-n3p3-jsyf-wuf5
19
vulnerability VCID-puaz-79mc-4bc6
20
vulnerability VCID-qhxy-1kmh-wyh2
21
vulnerability VCID-sd7d-573z-n7dk
22
vulnerability VCID-swy6-81uq-4kcs
23
vulnerability VCID-trhp-bjp1-57ey
24
vulnerability VCID-whnz-qj59-vkgz
25
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4
aliases CVE-2020-35125, GHSA-42q7-95j7-w62m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dh9y-k8zb-zkew
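CVE-2020-35124 (VCID-9tjy-3czw-37as above) and CVE-2020-35125 (this record) both reflect an attacker-controlled, URL-like value, the Referer header and the mautic[return] parameter, into a page. The code below is an added example, not part of the VulnerableCode output or of Mautic: a same-origin validator for such a value plus attribute-context escaping when it is rendered. That the value is meant to be used as a link target is an assumption taken from the parameter name; the template and parameter handling are not Mautic's code, and the sample inputs are constructed. The same escaping discipline applies to the stored asset-title case in VCID-9t6r-g255-zbdq.

```python
"""Validating and escaping an attacker-controlled URL-like value.

Added example (not part of the VulnerableCode output or of Mautic): the
two advisories above describe a Referer header and a mautic[return]-style
'go back' parameter reflected into HTML. Shown here is a same-origin
validator plus attribute-context escaping; the assumption that the value
is used as a link target is mine, and the template and parameter handling
are not Mautic's code."""
import html
from typing import Optional
from urllib.parse import urlsplit


def safe_return_path(candidate: Optional[str], origin: Optional[str] = None,
                     max_len: int = 2048) -> Optional[str]:
    """Return a normalised same-origin path ('/x?y=1') or None.

    Accepted: path-absolute references. Absolute URLs are accepted only
    when scheme and host:port equal `origin` (how a same-site Referer
    looks). Rejected: other schemes (javascript:, data:), protocol-relative
    '//host', backslashes, control characters, oversized values."""
    if not candidate or len(candidate) > max_len:
        return None
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate) or "\\" in candidate:
        return None
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        if origin is None:
            return None
        o = urlsplit(origin)
        if (parts.scheme.lower(), parts.netloc.lower()) != (o.scheme.lower(), o.netloc.lower()):
            return None
    path = parts.path or "/"
    if not path.startswith("/") or path.startswith("//"):
        return None
    return path + ("?" + parts.query if parts.query else "")


def back_link_html(candidate: Optional[str], origin: Optional[str] = None,
                   fallback: str = "/") -> str:
    """Render the 'Back' link: validate the target, fall back to a fixed
    path, and escape for the attribute context. Validation alone is not
    enough: '/x" onmouseover="...' is a syntactically valid path and would
    break out of the attribute without the escaping."""
    target = safe_return_path(candidate, origin) or fallback
    return f'<a href="{html.escape(target, quote=True)}">Back</a>'


# Constructed inputs (value -> origin to validate against): a legitimate
# return path, a same-site and a foreign Referer, and attacker shapes.
SAMPLES = {
    "/s/assets?page=2": None,
    "https://app.example/s/assets": "https://app.example",
    "https://evil.example/s/assets": "https://app.example",
    "//evil.example/": None,
    "javascript:alert(1)": None,
    '/s/assets" onmouseover="alert(1)': None,
}

if __name__ == "__main__":
    for value, origin in SAMPLES.items():
        print(f"{value!r:40} -> {safe_return_path(value, origin)!r}")
        print(" " * 44, back_link_html(value, origin))
```

The two layers fail independently: the validator stops scheme and host tricks that escaping cannot (an escaped javascript: URL is still a javascript: URL once the browser decodes the attribute), and the escaping stops attribute breakout that a URL validator has no opinion about. Dropping the fragment and rebuilding the value from parsed parts, rather than echoing the raw string, also removes whatever the parser tolerated but did not understand.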
20
url VCID-e29q-5hg5-cfdq
vulnerability_id VCID-e29q-5hg5-cfdq
summary
Mautic has an XSS in contact tracking and page hits report
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27917
reference_id
reference_type
scores
0
value 0.0045
scoring_system epss
scoring_elements 0.6402
published_at 2026-06-05T12:55:00Z
1
value 0.0045
scoring_system epss
scoring_elements 0.63978
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27917
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98
3
reference_url https://github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27917
reference_id CVE-2021-27917
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27917
5
reference_url https://github.com/advisories/GHSA-xpc5-rr39-v8v2
reference_id GHSA-xpc5-rr39-v8v2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xpc5-rr39-v8v2
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2
reference_id GHSA-xpc5-rr39-v8v2
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:40:34Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2
fixed_packages
0
url pkg:composer/mautic/core@4.4.13
purl pkg:composer/mautic/core@4.4.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3q5j-jj2b-t7de
1
vulnerability VCID-6yv4-1yes-hkfs
2
vulnerability VCID-9upf-7u9p-hkaa
3
vulnerability VCID-a3qv-sg57-gfd4
4
vulnerability VCID-ckj2-3ujt-fbhz
5
vulnerability VCID-f8d8-kqpm-ekhc
6
vulnerability VCID-fa5a-r46u-nbfm
7
vulnerability VCID-g21m-aehf-wkfw
8
vulnerability VCID-hj6u-3g1s-97bm
9
vulnerability VCID-jxs8-apn6-dbfd
10
vulnerability VCID-qz5x-pz9p-93eu
11
vulnerability VCID-s7r1-3b25-bbe6
12
vulnerability VCID-swy6-81uq-4kcs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13
1
url pkg:composer/mautic/core@5.1.1
purl pkg:composer/mautic/core@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3q5j-jj2b-t7de
1
vulnerability VCID-6yv4-1yes-hkfs
2
vulnerability VCID-9upf-7u9p-hkaa
3
vulnerability VCID-a3qv-sg57-gfd4
4
vulnerability VCID-ckj2-3ujt-fbhz
5
vulnerability VCID-f8d8-kqpm-ekhc
6
vulnerability VCID-fa5a-r46u-nbfm
7
vulnerability VCID-g21m-aehf-wkfw
8
vulnerability VCID-hj6u-3g1s-97bm
9
vulnerability VCID-jxs8-apn6-dbfd
10
vulnerability VCID-qz5x-pz9p-93eu
11
vulnerability VCID-s7r1-3b25-bbe6
12
vulnerability VCID-swy6-81uq-4kcs
13
vulnerability VCID-xsmg-dqq4-kqgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1
aliases CVE-2021-27917, GHSA-xpc5-rr39-v8v2
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e29q-5hg5-cfdq
21
url VCID-g21m-aehf-wkfw
vulnerability_id VCID-g21m-aehf-wkfw
summary
Mautic allows user name enumeration due to response time difference on password reset form
This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.

User Enumeration via Timing Attack: A user enumeration vulnerability exists in the "Forget your password" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47057
reference_id
reference_type
scores
0
value 0.00242
scoring_system epss
scoring_elements 0.47683
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47057
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47057
reference_id CVE-2024-47057
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47057
3
reference_url https://github.com/advisories/GHSA-424x-cxvh-wq9p
reference_id GHSA-424x-cxvh-wq9p
reference_type
scores
url https://github.com/advisories/GHSA-424x-cxvh-wq9p
4
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p
reference_id GHSA-424x-cxvh-wq9p
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:58:43Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p
fixed_packages
0
url pkg:composer/mautic/core@4.4.16
purl pkg:composer/mautic/core@4.4.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.16
1
url pkg:composer/mautic/core@5.2.6
purl pkg:composer/mautic/core@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3qv-sg57-gfd4
1
vulnerability VCID-f8d8-kqpm-ekhc
2
vulnerability VCID-fa5a-r46u-nbfm
3
vulnerability VCID-qz5x-pz9p-93eu
4
vulnerability VCID-s7r1-3b25-bbe6
5
vulnerability VCID-swy6-81uq-4kcs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.6
2
url pkg:composer/mautic/core@6.0.2
purl pkg:composer/mautic/core@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3qv-sg57-gfd4
1
vulnerability VCID-f8d8-kqpm-ekhc
2
vulnerability VCID-fa5a-r46u-nbfm
3
vulnerability VCID-qz5x-pz9p-93eu
4
vulnerability VCID-s7r1-3b25-bbe6
5
vulnerability VCID-swy6-81uq-4kcs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.2
aliases CVE-2024-47057, GHSA-424x-cxvh-wq9p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g21m-aehf-wkfw
22
url VCID-ghuh-z1uh-mbf5
vulnerability_id VCID-ghuh-z1uh-mbf5
summary
Incorrect Permission Assignment for Critical Resource
Secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27908
reference_id
reference_type
scores
0
value 0.00109
scoring_system epss
scoring_elements 0.28726
published_at 2026-06-04T12:55:00Z
1
value 0.00109
scoring_system epss
scoring_elements 0.28799
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27908
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27908.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27908.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27908
reference_id CVE-2021-27908
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27908
fixed_packages
0
url pkg:composer/mautic/core@3.3.2
purl pkg:composer/mautic/core@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1x5b-am33-mkh4
3
vulnerability VCID-2e51-qg2k-vqhd
4
vulnerability VCID-3agv-evyh-k3hk
5
vulnerability VCID-3q5j-jj2b-t7de
6
vulnerability VCID-5dp5-sahm-affj
7
vulnerability VCID-8h2f-f8zx-wbfn
8
vulnerability VCID-9kw2-q4ek-jugf
9
vulnerability VCID-9t6r-g255-zbdq
10
vulnerability VCID-9upf-7u9p-hkaa
11
vulnerability VCID-bdse-4ypf-abe3
12
vulnerability VCID-ckj2-3ujt-fbhz
13
vulnerability VCID-e29q-5hg5-cfdq
14
vulnerability VCID-g21m-aehf-wkfw
15
vulnerability VCID-gnga-y8vw-1kgm
16
vulnerability VCID-jxs8-apn6-dbfd
17
vulnerability VCID-mbfx-4u6j-ybfp
18
vulnerability VCID-n3p3-jsyf-wuf5
19
vulnerability VCID-puaz-79mc-4bc6
20
vulnerability VCID-qhxy-1kmh-wyh2
21
vulnerability VCID-sd7d-573z-n7dk
22
vulnerability VCID-swy6-81uq-4kcs
23
vulnerability VCID-trhp-bjp1-57ey
24
vulnerability VCID-whnz-qj59-vkgz
25
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.2
aliases CVE-2021-27908, GHSA-4hjq-422q-4vpx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghuh-z1uh-mbf5
23
url VCID-gnga-y8vw-1kgm
vulnerability_id VCID-gnga-y8vw-1kgm
summary
Cross-site Scripting
Mautic is vulnerable to an inline JS XSS attack through the contact's first or last name, triggered when viewing a contact's details page, clicking the action drop-down and hovering over the Campaigns button. Contact first and last names can be populated from different sources such as the UI, the API, 3rd-party syncing, forms, etc.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27911
reference_id
reference_type
scores
0
value 0.00352
scoring_system epss
scoring_elements 0.57888
published_at 2026-06-04T12:55:00Z
1
value 0.00352
scoring_system epss
scoring_elements 0.57941
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27911
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27911.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27911.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27911
reference_id CVE-2021-27911
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27911
fixed_packages
0
url pkg:composer/mautic/core@3.3.4
purl pkg:composer/mautic/core@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3agv-evyh-k3hk
4
vulnerability VCID-3q5j-jj2b-t7de
5
vulnerability VCID-5dp5-sahm-affj
6
vulnerability VCID-8h2f-f8zx-wbfn
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9upf-7u9p-hkaa
9
vulnerability VCID-bdse-4ypf-abe3
10
vulnerability VCID-ckj2-3ujt-fbhz
11
vulnerability VCID-e29q-5hg5-cfdq
12
vulnerability VCID-g21m-aehf-wkfw
13
vulnerability VCID-jxs8-apn6-dbfd
14
vulnerability VCID-n3p3-jsyf-wuf5
15
vulnerability VCID-puaz-79mc-4bc6
16
vulnerability VCID-qhxy-1kmh-wyh2
17
vulnerability VCID-sd7d-573z-n7dk
18
vulnerability VCID-swy6-81uq-4kcs
19
vulnerability VCID-whnz-qj59-vkgz
20
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4
1
url pkg:composer/mautic/core@4.0.0
purl pkg:composer/mautic/core@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3agv-evyh-k3hk
4
vulnerability VCID-3q5j-jj2b-t7de
5
vulnerability VCID-5dp5-sahm-affj
6
vulnerability VCID-8h2f-f8zx-wbfn
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9t6r-g255-zbdq
9
vulnerability VCID-9upf-7u9p-hkaa
10
vulnerability VCID-a3qv-sg57-gfd4
11
vulnerability VCID-bdse-4ypf-abe3
12
vulnerability VCID-ckj2-3ujt-fbhz
13
vulnerability VCID-e29q-5hg5-cfdq
14
vulnerability VCID-g21m-aehf-wkfw
15
vulnerability VCID-hj6u-3g1s-97bm
16
vulnerability VCID-jxs8-apn6-dbfd
17
vulnerability VCID-mbfx-4u6j-ybfp
18
vulnerability VCID-n3p3-jsyf-wuf5
19
vulnerability VCID-puaz-79mc-4bc6
20
vulnerability VCID-qhxy-1kmh-wyh2
21
vulnerability VCID-sd7d-573z-n7dk
22
vulnerability VCID-swy6-81uq-4kcs
23
vulnerability VCID-whnz-qj59-vkgz
24
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0
aliases CVE-2021-27911, GHSA-72hm-fx78-xwhc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnga-y8vw-1kgm
24
url VCID-hwrr-6qe1-77gn
vulnerability_id VCID-hwrr-6qe1-77gn
summary
Cross-site Scripting
Mautic before v2.13.0 has stored XSS via a theme config file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8071
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47432
published_at 2026-06-04T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47497
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8071
1
reference_url https://github.com/mautic/mautic/commit/3add236e9cc00ea9b211b52cccc4660379b2ee8b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/3add236e9cc00ea9b211b52cccc4660379b2ee8b
2
reference_url https://github.com/mautic/mautic/releases/tag/2.13.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.13.0
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-5w74-jx7m-x6hv
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-5w74-jx7m-x6hv
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8071
reference_id CVE-2018-8071
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8071
fixed_packages
0
url pkg:composer/mautic/core@2.13.0
purl pkg:composer/mautic/core@2.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2e51-qg2k-vqhd
5
vulnerability VCID-3agv-evyh-k3hk
6
vulnerability VCID-3q5j-jj2b-t7de
7
vulnerability VCID-5dp5-sahm-affj
8
vulnerability VCID-9kw2-q4ek-jugf
9
vulnerability VCID-9t6r-g255-zbdq
10
vulnerability VCID-9tjy-3czw-37as
11
vulnerability VCID-9upf-7u9p-hkaa
12
vulnerability VCID-bdse-4ypf-abe3
13
vulnerability VCID-ckj2-3ujt-fbhz
14
vulnerability VCID-dh9y-k8zb-zkew
15
vulnerability VCID-e29q-5hg5-cfdq
16
vulnerability VCID-g21m-aehf-wkfw
17
vulnerability VCID-ghuh-z1uh-mbf5
18
vulnerability VCID-gnga-y8vw-1kgm
19
vulnerability VCID-j624-5zx3-c7c8
20
vulnerability VCID-jxs8-apn6-dbfd
21
vulnerability VCID-mbfx-4u6j-ybfp
22
vulnerability VCID-n3p3-jsyf-wuf5
23
vulnerability VCID-p9jy-6mbb-ukad
24
vulnerability VCID-puaz-79mc-4bc6
25
vulnerability VCID-qhxy-1kmh-wyh2
26
vulnerability VCID-sd7d-573z-n7dk
27
vulnerability VCID-swy6-81uq-4kcs
28
vulnerability VCID-trhp-bjp1-57ey
29
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0
aliases CVE-2018-8071, GHSA-5w74-jx7m-x6hv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwrr-6qe1-77gn
25
url VCID-j624-5zx3-c7c8
vulnerability_id VCID-j624-5zx3-c7c8
summary
XSS in Mautic
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-3142.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-3142.yaml
1
reference_url https://github.com/mautic/mautic/commit/ba31db23e664f889da55a29ff27f797e2ab5cb1b
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/ba31db23e664f889da55a29ff27f797e2ab5cb1b
2
reference_url https://github.com/mautic/mautic/releases/tag/3.2.4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/3.2.4
3
reference_url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-3
4
reference_url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3142
reference_id CVE-2021-3142
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3142
6
reference_url https://github.com/advisories/GHSA-p7v4-gm6j-cw9m
reference_id GHSA-p7v4-gm6j-cw9m
reference_type
scores
url https://github.com/advisories/GHSA-p7v4-gm6j-cw9m
7
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-p7v4-gm6j-cw9m
reference_id GHSA-p7v4-gm6j-cw9m
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-p7v4-gm6j-cw9m
fixed_packages
0
url pkg:composer/mautic/core@2.16.5
purl pkg:composer/mautic/core@2.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2e51-qg2k-vqhd
5
vulnerability VCID-3agv-evyh-k3hk
6
vulnerability VCID-3q5j-jj2b-t7de
7
vulnerability VCID-5dp5-sahm-affj
8
vulnerability VCID-9kw2-q4ek-jugf
9
vulnerability VCID-9t6r-g255-zbdq
10
vulnerability VCID-9tjy-3czw-37as
11
vulnerability VCID-9upf-7u9p-hkaa
12
vulnerability VCID-bdse-4ypf-abe3
13
vulnerability VCID-ckj2-3ujt-fbhz
14
vulnerability VCID-e29q-5hg5-cfdq
15
vulnerability VCID-g21m-aehf-wkfw
16
vulnerability VCID-ghuh-z1uh-mbf5
17
vulnerability VCID-gnga-y8vw-1kgm
18
vulnerability VCID-jxs8-apn6-dbfd
19
vulnerability VCID-mbfx-4u6j-ybfp
20
vulnerability VCID-n3p3-jsyf-wuf5
21
vulnerability VCID-puaz-79mc-4bc6
22
vulnerability VCID-qhxy-1kmh-wyh2
23
vulnerability VCID-sd7d-573z-n7dk
24
vulnerability VCID-swy6-81uq-4kcs
25
vulnerability VCID-trhp-bjp1-57ey
26
vulnerability VCID-whnz-qj59-vkgz
27
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5
1
url pkg:composer/mautic/core@3.2.4
purl pkg:composer/mautic/core@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1x5b-am33-mkh4
3
vulnerability VCID-2e51-qg2k-vqhd
4
vulnerability VCID-3agv-evyh-k3hk
5
vulnerability VCID-3q5j-jj2b-t7de
6
vulnerability VCID-5dp5-sahm-affj
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9t6r-g255-zbdq
9
vulnerability VCID-9upf-7u9p-hkaa
10
vulnerability VCID-bdse-4ypf-abe3
11
vulnerability VCID-ckj2-3ujt-fbhz
12
vulnerability VCID-e29q-5hg5-cfdq
13
vulnerability VCID-g21m-aehf-wkfw
14
vulnerability VCID-ghuh-z1uh-mbf5
15
vulnerability VCID-gnga-y8vw-1kgm
16
vulnerability VCID-jxs8-apn6-dbfd
17
vulnerability VCID-mbfx-4u6j-ybfp
18
vulnerability VCID-n3p3-jsyf-wuf5
19
vulnerability VCID-puaz-79mc-4bc6
20
vulnerability VCID-qhxy-1kmh-wyh2
21
vulnerability VCID-sd7d-573z-n7dk
22
vulnerability VCID-swy6-81uq-4kcs
23
vulnerability VCID-trhp-bjp1-57ey
24
vulnerability VCID-whnz-qj59-vkgz
25
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4
aliases CVE-2021-3142, GHSA-p7v4-gm6j-cw9m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j624-5zx3-c7c8
26
url VCID-jxs8-apn6-dbfd
vulnerability_id VCID-jxs8-apn6-dbfd
summary
Mautic has an Open Redirect vulnerability on user unlock path.
This advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits.

Open Redirection via `returnUrl` Parameter: An Open Redirection vulnerability exists in the `/s/action/unlock/user.user/0` endpoint. The `returnUrl` parameter, intended for post-action redirection, is not properly validated. This allows an attacker to craft a URL that, when clicked by a user, redirects them to an arbitrary external website controlled by the attacker.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-5256
reference_id
reference_type
scores
0
value 0.00187
scoring_system epss
scoring_elements 0.40322
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-5256
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-5256
reference_id CVE-2025-5256
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-5256
3
reference_url https://github.com/advisories/GHSA-6vx9-9r2g-8373
reference_id GHSA-6vx9-9r2g-8373
reference_type
scores
url https://github.com/advisories/GHSA-6vx9-9r2g-8373
4
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373
reference_id GHSA-6vx9-9r2g-8373
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T17:57:26Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373
fixed_packages
0
url pkg:composer/mautic/core@4.4.16
purl pkg:composer/mautic/core@4.4.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.16
1
url pkg:composer/mautic/core@5.2.6
purl pkg:composer/mautic/core@5.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3qv-sg57-gfd4
1
vulnerability VCID-f8d8-kqpm-ekhc
2
vulnerability VCID-fa5a-r46u-nbfm
3
vulnerability VCID-qz5x-pz9p-93eu
4
vulnerability VCID-s7r1-3b25-bbe6
5
vulnerability VCID-swy6-81uq-4kcs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.6
2
url pkg:composer/mautic/core@6.0.2
purl pkg:composer/mautic/core@6.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a3qv-sg57-gfd4
1
vulnerability VCID-f8d8-kqpm-ekhc
2
vulnerability VCID-fa5a-r46u-nbfm
3
vulnerability VCID-qz5x-pz9p-93eu
4
vulnerability VCID-s7r1-3b25-bbe6
5
vulnerability VCID-swy6-81uq-4kcs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.2
aliases CVE-2025-5256, GHSA-6vx9-9r2g-8373
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxs8-apn6-dbfd
27
url VCID-k2tn-w8n6-8ba1
vulnerability_id VCID-k2tn-w8n6-8ba1
summary
Improper Authentication
Mautic allows a disabled user to still login using email address.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000489
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50821
published_at 2026-06-05T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.5076
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000489
1
reference_url https://github.com/mautic/mautic/commit/fd933cbef795b04cabdc50527cb18e037488fef9
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/fd933cbef795b04cabdc50527cb18e037488fef9
2
reference_url https://github.com/mautic/mautic/releases/tag/2.12.0
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.12.0
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-6x98-fx9j-7c78
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-6x98-fx9j-7c78
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000489
reference_id CVE-2017-1000489
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000489
fixed_packages
0
url pkg:composer/mautic/core@2.12.0-beta
purl pkg:composer/mautic/core@2.12.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2bf9-tpw5-6ybc
5
vulnerability VCID-2e51-qg2k-vqhd
6
vulnerability VCID-3agv-evyh-k3hk
7
vulnerability VCID-3q5j-jj2b-t7de
8
vulnerability VCID-5dp5-sahm-affj
9
vulnerability VCID-7nmh-nhm6-abhr
10
vulnerability VCID-9kw2-q4ek-jugf
11
vulnerability VCID-9t6r-g255-zbdq
12
vulnerability VCID-9tjy-3czw-37as
13
vulnerability VCID-9upf-7u9p-hkaa
14
vulnerability VCID-bdse-4ypf-abe3
15
vulnerability VCID-ckj2-3ujt-fbhz
16
vulnerability VCID-dh9y-k8zb-zkew
17
vulnerability VCID-e29q-5hg5-cfdq
18
vulnerability VCID-g21m-aehf-wkfw
19
vulnerability VCID-ghuh-z1uh-mbf5
20
vulnerability VCID-gnga-y8vw-1kgm
21
vulnerability VCID-hwrr-6qe1-77gn
22
vulnerability VCID-j624-5zx3-c7c8
23
vulnerability VCID-jxs8-apn6-dbfd
24
vulnerability VCID-mbfx-4u6j-ybfp
25
vulnerability VCID-n3p3-jsyf-wuf5
26
vulnerability VCID-p9jy-6mbb-ukad
27
vulnerability VCID-puaz-79mc-4bc6
28
vulnerability VCID-qhxy-1kmh-wyh2
29
vulnerability VCID-sd7d-573z-n7dk
30
vulnerability VCID-swy6-81uq-4kcs
31
vulnerability VCID-trhp-bjp1-57ey
32
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta
1
url pkg:composer/mautic/core@2.12.0
purl pkg:composer/mautic/core@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2bf9-tpw5-6ybc
5
vulnerability VCID-2e51-qg2k-vqhd
6
vulnerability VCID-3agv-evyh-k3hk
7
vulnerability VCID-3q5j-jj2b-t7de
8
vulnerability VCID-5dp5-sahm-affj
9
vulnerability VCID-7nmh-nhm6-abhr
10
vulnerability VCID-9kw2-q4ek-jugf
11
vulnerability VCID-9t6r-g255-zbdq
12
vulnerability VCID-9tjy-3czw-37as
13
vulnerability VCID-9upf-7u9p-hkaa
14
vulnerability VCID-bdse-4ypf-abe3
15
vulnerability VCID-ckj2-3ujt-fbhz
16
vulnerability VCID-dh9y-k8zb-zkew
17
vulnerability VCID-e29q-5hg5-cfdq
18
vulnerability VCID-g21m-aehf-wkfw
19
vulnerability VCID-ghuh-z1uh-mbf5
20
vulnerability VCID-gnga-y8vw-1kgm
21
vulnerability VCID-hwrr-6qe1-77gn
22
vulnerability VCID-j624-5zx3-c7c8
23
vulnerability VCID-jxs8-apn6-dbfd
24
vulnerability VCID-mbfx-4u6j-ybfp
25
vulnerability VCID-n3p3-jsyf-wuf5
26
vulnerability VCID-p9jy-6mbb-ukad
27
vulnerability VCID-puaz-79mc-4bc6
28
vulnerability VCID-qhxy-1kmh-wyh2
29
vulnerability VCID-sd7d-573z-n7dk
30
vulnerability VCID-swy6-81uq-4kcs
31
vulnerability VCID-trhp-bjp1-57ey
32
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0
aliases CVE-2017-1000489, GHSA-6x98-fx9j-7c78
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2tn-w8n6-8ba1
28
url VCID-mbfx-4u6j-ybfp
vulnerability_id VCID-mbfx-4u6j-ybfp
summary
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The function mt_rand is used to generate session tokens. This function is cryptographically flawed because it is only a pseudo-random number generator; an attacker can take advantage of its cryptographically insecure nature to enumerate session tokens for accounts that are not under his/her control. This issue affects: Mautic Mautic ;
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27913
reference_id
reference_type
scores
0
value 0.00089
scoring_system epss
scoring_elements 0.25345
published_at 2026-06-05T12:55:00Z
1
value 0.00089
scoring_system epss
scoring_elements 0.25249
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27913
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27913.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27913.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/commit/d1cad766a2de74e6c6b89d6d78c2a5f2e36ba91c
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/d1cad766a2de74e6c6b89d6d78c2a5f2e36ba91c
4
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27913
reference_id CVE-2021-27913
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27913
fixed_packages
0
url pkg:composer/mautic/core@3.3.4
purl pkg:composer/mautic/core@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3agv-evyh-k3hk
4
vulnerability VCID-3q5j-jj2b-t7de
5
vulnerability VCID-5dp5-sahm-affj
6
vulnerability VCID-8h2f-f8zx-wbfn
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9upf-7u9p-hkaa
9
vulnerability VCID-bdse-4ypf-abe3
10
vulnerability VCID-ckj2-3ujt-fbhz
11
vulnerability VCID-e29q-5hg5-cfdq
12
vulnerability VCID-g21m-aehf-wkfw
13
vulnerability VCID-jxs8-apn6-dbfd
14
vulnerability VCID-n3p3-jsyf-wuf5
15
vulnerability VCID-puaz-79mc-4bc6
16
vulnerability VCID-qhxy-1kmh-wyh2
17
vulnerability VCID-sd7d-573z-n7dk
18
vulnerability VCID-swy6-81uq-4kcs
19
vulnerability VCID-whnz-qj59-vkgz
20
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4
1
url pkg:composer/mautic/core@4.0.0-alpha1
purl pkg:composer/mautic/core@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1x5b-am33-mkh4
3
vulnerability VCID-2e51-qg2k-vqhd
4
vulnerability VCID-3agv-evyh-k3hk
5
vulnerability VCID-3q5j-jj2b-t7de
6
vulnerability VCID-5dp5-sahm-affj
7
vulnerability VCID-8h2f-f8zx-wbfn
8
vulnerability VCID-9kw2-q4ek-jugf
9
vulnerability VCID-9upf-7u9p-hkaa
10
vulnerability VCID-bdse-4ypf-abe3
11
vulnerability VCID-ckj2-3ujt-fbhz
12
vulnerability VCID-e29q-5hg5-cfdq
13
vulnerability VCID-g21m-aehf-wkfw
14
vulnerability VCID-gnga-y8vw-1kgm
15
vulnerability VCID-jxs8-apn6-dbfd
16
vulnerability VCID-n3p3-jsyf-wuf5
17
vulnerability VCID-puaz-79mc-4bc6
18
vulnerability VCID-sd7d-573z-n7dk
19
vulnerability VCID-swy6-81uq-4kcs
20
vulnerability VCID-trhp-bjp1-57ey
21
vulnerability VCID-whnz-qj59-vkgz
22
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0-alpha1
2
url pkg:composer/mautic/core@4.0.0
purl pkg:composer/mautic/core@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3agv-evyh-k3hk
4
vulnerability VCID-3q5j-jj2b-t7de
5
vulnerability VCID-5dp5-sahm-affj
6
vulnerability VCID-8h2f-f8zx-wbfn
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9t6r-g255-zbdq
9
vulnerability VCID-9upf-7u9p-hkaa
10
vulnerability VCID-a3qv-sg57-gfd4
11
vulnerability VCID-bdse-4ypf-abe3
12
vulnerability VCID-ckj2-3ujt-fbhz
13
vulnerability VCID-e29q-5hg5-cfdq
14
vulnerability VCID-g21m-aehf-wkfw
15
vulnerability VCID-hj6u-3g1s-97bm
16
vulnerability VCID-jxs8-apn6-dbfd
17
vulnerability VCID-mbfx-4u6j-ybfp
18
vulnerability VCID-n3p3-jsyf-wuf5
19
vulnerability VCID-puaz-79mc-4bc6
20
vulnerability VCID-qhxy-1kmh-wyh2
21
vulnerability VCID-sd7d-573z-n7dk
22
vulnerability VCID-swy6-81uq-4kcs
23
vulnerability VCID-whnz-qj59-vkgz
24
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0
aliases CVE-2021-27913, GHSA-x7g2-wrrp-r6h3
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbfx-4u6j-ybfp
29
url VCID-n3p3-jsyf-wuf5
vulnerability_id VCID-n3p3-jsyf-wuf5
summary
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Prior to the patched version, logged-in users of Mautic are vulnerable to a self-XSS vulnerability in the notifications within Mautic.

Users could inject malicious code into the notification when saving Dashboards.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25774
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17477
published_at 2026-06-04T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17555
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25774
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/e6d58de241b8c34126042dcb314d60eb5fc7b151
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/e6d58de241b8c34126042dcb314d60eb5fc7b151
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25774
reference_id CVE-2022-25774
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25774
4
reference_url https://github.com/advisories/GHSA-fhcx-f7jg-jx3f
reference_id GHSA-fhcx-f7jg-jx3f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fhcx-f7jg-jx3f
5
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f
reference_id GHSA-fhcx-f7jg-jx3f
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T17:55:13Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f
fixed_packages
0
url pkg:composer/mautic/core@4.4.12
purl pkg:composer/mautic/core@4.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3q5j-jj2b-t7de
4
vulnerability VCID-6yv4-1yes-hkfs
5
vulnerability VCID-9upf-7u9p-hkaa
6
vulnerability VCID-a3qv-sg57-gfd4
7
vulnerability VCID-ckj2-3ujt-fbhz
8
vulnerability VCID-e29q-5hg5-cfdq
9
vulnerability VCID-f8d8-kqpm-ekhc
10
vulnerability VCID-fa5a-r46u-nbfm
11
vulnerability VCID-g21m-aehf-wkfw
12
vulnerability VCID-hj6u-3g1s-97bm
13
vulnerability VCID-jxs8-apn6-dbfd
14
vulnerability VCID-qz5x-pz9p-93eu
15
vulnerability VCID-s7r1-3b25-bbe6
16
vulnerability VCID-sd7d-573z-n7dk
17
vulnerability VCID-swy6-81uq-4kcs
18
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12
aliases CVE-2022-25774, GHSA-fhcx-f7jg-jx3f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n3p3-jsyf-wuf5
30
url VCID-p9jy-6mbb-ukad
vulnerability_id VCID-p9jy-6mbb-ukad
summary
Cross-site Scripting
Mautic is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35128
reference_id
reference_type
scores
0
value 0.00651
scoring_system epss
scoring_elements 0.71253
published_at 2026-06-04T12:55:00Z
1
value 0.00651
scoring_system epss
scoring_elements 0.71297
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35128
1
reference_url https://forum.mautic.org/c/announcements/16
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.mautic.org/c/announcements/16
2
reference_url https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786
3
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
4
reference_url https://labs.bishopfox.com/advisories/mautic-version-3.2.2
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://labs.bishopfox.com/advisories/mautic-version-3.2.2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35128
reference_id CVE-2020-35128
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35128
6
reference_url https://github.com/advisories/GHSA-98j2-3jv7-274m
reference_id GHSA-98j2-3jv7-274m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98j2-3jv7-274m
fixed_packages
0
url pkg:composer/mautic/core@2.16.5
purl pkg:composer/mautic/core@2.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1unf-fcpb-t7gr
3
vulnerability VCID-1x5b-am33-mkh4
4
vulnerability VCID-2e51-qg2k-vqhd
5
vulnerability VCID-3agv-evyh-k3hk
6
vulnerability VCID-3q5j-jj2b-t7de
7
vulnerability VCID-5dp5-sahm-affj
8
vulnerability VCID-9kw2-q4ek-jugf
9
vulnerability VCID-9t6r-g255-zbdq
10
vulnerability VCID-9tjy-3czw-37as
11
vulnerability VCID-9upf-7u9p-hkaa
12
vulnerability VCID-bdse-4ypf-abe3
13
vulnerability VCID-ckj2-3ujt-fbhz
14
vulnerability VCID-e29q-5hg5-cfdq
15
vulnerability VCID-g21m-aehf-wkfw
16
vulnerability VCID-ghuh-z1uh-mbf5
17
vulnerability VCID-gnga-y8vw-1kgm
18
vulnerability VCID-jxs8-apn6-dbfd
19
vulnerability VCID-mbfx-4u6j-ybfp
20
vulnerability VCID-n3p3-jsyf-wuf5
21
vulnerability VCID-puaz-79mc-4bc6
22
vulnerability VCID-qhxy-1kmh-wyh2
23
vulnerability VCID-sd7d-573z-n7dk
24
vulnerability VCID-swy6-81uq-4kcs
25
vulnerability VCID-trhp-bjp1-57ey
26
vulnerability VCID-whnz-qj59-vkgz
27
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5
1
url pkg:composer/mautic/core@3.2.4
purl pkg:composer/mautic/core@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1hew-3rb7-tkg8
2
vulnerability VCID-1x5b-am33-mkh4
3
vulnerability VCID-2e51-qg2k-vqhd
4
vulnerability VCID-3agv-evyh-k3hk
5
vulnerability VCID-3q5j-jj2b-t7de
6
vulnerability VCID-5dp5-sahm-affj
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9t6r-g255-zbdq
9
vulnerability VCID-9upf-7u9p-hkaa
10
vulnerability VCID-bdse-4ypf-abe3
11
vulnerability VCID-ckj2-3ujt-fbhz
12
vulnerability VCID-e29q-5hg5-cfdq
13
vulnerability VCID-g21m-aehf-wkfw
14
vulnerability VCID-ghuh-z1uh-mbf5
15
vulnerability VCID-gnga-y8vw-1kgm
16
vulnerability VCID-jxs8-apn6-dbfd
17
vulnerability VCID-mbfx-4u6j-ybfp
18
vulnerability VCID-n3p3-jsyf-wuf5
19
vulnerability VCID-puaz-79mc-4bc6
20
vulnerability VCID-qhxy-1kmh-wyh2
21
vulnerability VCID-sd7d-573z-n7dk
22
vulnerability VCID-swy6-81uq-4kcs
23
vulnerability VCID-trhp-bjp1-57ey
24
vulnerability VCID-whnz-qj59-vkgz
25
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4
aliases CVE-2020-35128, GHSA-98j2-3jv7-274m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9jy-6mbb-ukad
31
url VCID-puaz-79mc-4bc6
vulnerability_id VCID-puaz-79mc-4bc6
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27914
reference_id
reference_type
scores
0
value 0.00405
scoring_system epss
scoring_elements 0.61365
published_at 2026-06-04T12:55:00Z
1
value 0.00405
scoring_system epss
scoring_elements 0.61413
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27914
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27914
reference_id CVE-2021-27914
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-27914
2
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3
reference_id GHSA-jrwm-pr9x-cgq3
reference_type
scores
url https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3
fixed_packages
0
url pkg:composer/mautic/core@4.3.0
purl pkg:composer/mautic/core@4.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3q5j-jj2b-t7de
4
vulnerability VCID-5dp5-sahm-affj
5
vulnerability VCID-8h2f-f8zx-wbfn
6
vulnerability VCID-9kw2-q4ek-jugf
7
vulnerability VCID-9upf-7u9p-hkaa
8
vulnerability VCID-a3qv-sg57-gfd4
9
vulnerability VCID-bdse-4ypf-abe3
10
vulnerability VCID-ckj2-3ujt-fbhz
11
vulnerability VCID-e29q-5hg5-cfdq
12
vulnerability VCID-g21m-aehf-wkfw
13
vulnerability VCID-hj6u-3g1s-97bm
14
vulnerability VCID-jxs8-apn6-dbfd
15
vulnerability VCID-n3p3-jsyf-wuf5
16
vulnerability VCID-sd7d-573z-n7dk
17
vulnerability VCID-swy6-81uq-4kcs
18
vulnerability VCID-whnz-qj59-vkgz
19
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.3.0
aliases CVE-2021-27914, GHSA-jrwm-pr9x-cgq3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-puaz-79mc-4bc6
32
url VCID-qhxy-1kmh-wyh2
vulnerability_id VCID-qhxy-1kmh-wyh2
summary
Improper regex in htaccess file
The default .htaccess file restricts access to PHP files so that only specific PHP files in the root of the application are allowed to be executed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25769
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30353
published_at 2026-06-04T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30428
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25769
1
reference_url https://github.com/advisories/GHSA-mj6m-246h-9w56
reference_id GHSA-mj6m-246h-9w56
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mj6m-246h-9w56
2
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56
reference_id GHSA-mj6m-246h-9w56
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T18:10:59Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56
3
reference_url https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic
reference_id mautic-4-2-one-small-step-mautic
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T18:10:59Z/
url https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic
fixed_packages
0
url pkg:composer/mautic/core@3.3.5
purl pkg:composer/mautic/core@3.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3agv-evyh-k3hk
4
vulnerability VCID-3q5j-jj2b-t7de
5
vulnerability VCID-5dp5-sahm-affj
6
vulnerability VCID-8h2f-f8zx-wbfn
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9upf-7u9p-hkaa
9
vulnerability VCID-bdse-4ypf-abe3
10
vulnerability VCID-ckj2-3ujt-fbhz
11
vulnerability VCID-e29q-5hg5-cfdq
12
vulnerability VCID-g21m-aehf-wkfw
13
vulnerability VCID-jxs8-apn6-dbfd
14
vulnerability VCID-n3p3-jsyf-wuf5
15
vulnerability VCID-puaz-79mc-4bc6
16
vulnerability VCID-sd7d-573z-n7dk
17
vulnerability VCID-swy6-81uq-4kcs
18
vulnerability VCID-whnz-qj59-vkgz
19
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.5
1
url pkg:composer/mautic/core@4.2.0
purl pkg:composer/mautic/core@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3agv-evyh-k3hk
4
vulnerability VCID-3q5j-jj2b-t7de
5
vulnerability VCID-5dp5-sahm-affj
6
vulnerability VCID-8h2f-f8zx-wbfn
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9upf-7u9p-hkaa
9
vulnerability VCID-a3qv-sg57-gfd4
10
vulnerability VCID-bdse-4ypf-abe3
11
vulnerability VCID-ckj2-3ujt-fbhz
12
vulnerability VCID-e29q-5hg5-cfdq
13
vulnerability VCID-g21m-aehf-wkfw
14
vulnerability VCID-hj6u-3g1s-97bm
15
vulnerability VCID-jxs8-apn6-dbfd
16
vulnerability VCID-n3p3-jsyf-wuf5
17
vulnerability VCID-puaz-79mc-4bc6
18
vulnerability VCID-sd7d-573z-n7dk
19
vulnerability VCID-swy6-81uq-4kcs
20
vulnerability VCID-whnz-qj59-vkgz
21
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.2.0
aliases CVE-2022-25769, GHSA-mj6m-246h-9w56, GMS-2022-182
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qhxy-1kmh-wyh2
33
url VCID-sd7d-573z-n7dk
vulnerability_id VCID-sd7d-573z-n7dk
summary
Duplicate Advisory: Mautic has insufficient authentication in upgrade flow
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-qf6m-6m4g-rmrc. This link is maintained to preserve external references.

# Original Description
Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
references
0
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25770
reference_id CVE-2022-25770
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25770
2
reference_url https://github.com/advisories/GHSA-5hc5-fxr9-5frc
reference_id GHSA-5hc5-fxr9-5frc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hc5-fxr9-5frc
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
reference_id GHSA-qf6m-6m4g-rmrc
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
fixed_packages
0
url pkg:composer/mautic/core@4.4.13
purl pkg:composer/mautic/core@4.4.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3q5j-jj2b-t7de
1
vulnerability VCID-6yv4-1yes-hkfs
2
vulnerability VCID-9upf-7u9p-hkaa
3
vulnerability VCID-a3qv-sg57-gfd4
4
vulnerability VCID-ckj2-3ujt-fbhz
5
vulnerability VCID-f8d8-kqpm-ekhc
6
vulnerability VCID-fa5a-r46u-nbfm
7
vulnerability VCID-g21m-aehf-wkfw
8
vulnerability VCID-hj6u-3g1s-97bm
9
vulnerability VCID-jxs8-apn6-dbfd
10
vulnerability VCID-qz5x-pz9p-93eu
11
vulnerability VCID-s7r1-3b25-bbe6
12
vulnerability VCID-swy6-81uq-4kcs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13
1
url pkg:composer/mautic/core@5.1.1
purl pkg:composer/mautic/core@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3q5j-jj2b-t7de
1
vulnerability VCID-6yv4-1yes-hkfs
2
vulnerability VCID-9upf-7u9p-hkaa
3
vulnerability VCID-a3qv-sg57-gfd4
4
vulnerability VCID-ckj2-3ujt-fbhz
5
vulnerability VCID-f8d8-kqpm-ekhc
6
vulnerability VCID-fa5a-r46u-nbfm
7
vulnerability VCID-g21m-aehf-wkfw
8
vulnerability VCID-hj6u-3g1s-97bm
9
vulnerability VCID-jxs8-apn6-dbfd
10
vulnerability VCID-qz5x-pz9p-93eu
11
vulnerability VCID-s7r1-3b25-bbe6
12
vulnerability VCID-swy6-81uq-4kcs
13
vulnerability VCID-xsmg-dqq4-kqgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1
aliases GHSA-5hc5-fxr9-5frc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sd7d-573z-n7dk
34
url VCID-swy6-81uq-4kcs
vulnerability_id VCID-swy6-81uq-4kcs
summary
Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting
This advisory addresses a SQL Injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3105
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15977
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3105
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/releases/tag/5.2.10
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/5.2.10
3
reference_url https://github.com/mautic/mautic/releases/tag/6.0.8
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/6.0.8
4
reference_url https://github.com/mautic/mautic/releases/tag/7.0.1
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/7.0.1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3105
reference_id CVE-2026-3105
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3105
6
reference_url https://github.com/advisories/GHSA-r5j5-q42h-fc93
reference_id GHSA-r5j5-q42h-fc93
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r5j5-q42h-fc93
7
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93
reference_id GHSA-r5j5-q42h-fc93
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:02:03Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93
fixed_packages
0
url pkg:composer/mautic/core@5.2.10
purl pkg:composer/mautic/core@5.2.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.10
1
url pkg:composer/mautic/core@6.0.8
purl pkg:composer/mautic/core@6.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.8
2
url pkg:composer/mautic/core@7.0.1
purl pkg:composer/mautic/core@7.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@7.0.1
aliases CVE-2026-3105, GHSA-r5j5-q42h-fc93
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swy6-81uq-4kcs
35
url VCID-trhp-bjp1-57ey
vulnerability_id VCID-trhp-bjp1-57ey
summary
Cross-site Scripting
Insufficient sanitization / filtering allows for arbitrary JavaScript injection in Mautic using the bounce management callback function. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript code into the `error` and `error_related_to` parameters of the POST request (`POST /mailer/<product / webhook>/callback`). It is noted that there is no authentication needed to access this function. The JavaScript code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means arbitrary code can be executed to, e.g., steal or tamper with information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27910
reference_id
reference_type
scores
0
value 0.00435
scoring_system epss
scoring_elements 0.63253
published_at 2026-06-05T12:55:00Z
1
value 0.00435
scoring_system epss
scoring_elements 0.63209
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27910
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27910.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27910.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/commit/e6a405975342f3cf86aa71927618d31d25135fa3
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/e6a405975342f3cf86aa71927618d31d25135fa3
4
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27910
reference_id CVE-2021-27910
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27910
fixed_packages
0
url pkg:composer/mautic/core@3.3.4
purl pkg:composer/mautic/core@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3agv-evyh-k3hk
4
vulnerability VCID-3q5j-jj2b-t7de
5
vulnerability VCID-5dp5-sahm-affj
6
vulnerability VCID-8h2f-f8zx-wbfn
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9upf-7u9p-hkaa
9
vulnerability VCID-bdse-4ypf-abe3
10
vulnerability VCID-ckj2-3ujt-fbhz
11
vulnerability VCID-e29q-5hg5-cfdq
12
vulnerability VCID-g21m-aehf-wkfw
13
vulnerability VCID-jxs8-apn6-dbfd
14
vulnerability VCID-n3p3-jsyf-wuf5
15
vulnerability VCID-puaz-79mc-4bc6
16
vulnerability VCID-qhxy-1kmh-wyh2
17
vulnerability VCID-sd7d-573z-n7dk
18
vulnerability VCID-swy6-81uq-4kcs
19
vulnerability VCID-whnz-qj59-vkgz
20
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4
1
url pkg:composer/mautic/core@4.0.0
purl pkg:composer/mautic/core@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19zs-w8hs-abdm
1
vulnerability VCID-1x5b-am33-mkh4
2
vulnerability VCID-2e51-qg2k-vqhd
3
vulnerability VCID-3agv-evyh-k3hk
4
vulnerability VCID-3q5j-jj2b-t7de
5
vulnerability VCID-5dp5-sahm-affj
6
vulnerability VCID-8h2f-f8zx-wbfn
7
vulnerability VCID-9kw2-q4ek-jugf
8
vulnerability VCID-9t6r-g255-zbdq
9
vulnerability VCID-9upf-7u9p-hkaa
10
vulnerability VCID-a3qv-sg57-gfd4
11
vulnerability VCID-bdse-4ypf-abe3
12
vulnerability VCID-ckj2-3ujt-fbhz
13
vulnerability VCID-e29q-5hg5-cfdq
14
vulnerability VCID-g21m-aehf-wkfw
15
vulnerability VCID-hj6u-3g1s-97bm
16
vulnerability VCID-jxs8-apn6-dbfd
17
vulnerability VCID-mbfx-4u6j-ybfp
18
vulnerability VCID-n3p3-jsyf-wuf5
19
vulnerability VCID-puaz-79mc-4bc6
20
vulnerability VCID-qhxy-1kmh-wyh2
21
vulnerability VCID-sd7d-573z-n7dk
22
vulnerability VCID-swy6-81uq-4kcs
23
vulnerability VCID-whnz-qj59-vkgz
24
vulnerability VCID-wny3-utyg-pqha
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0
aliases CVE-2021-27910, GHSA-86pv-95mj-7w5f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-trhp-bjp1-57ey
36
url VCID-wny3-utyg-pqha
vulnerability_id VCID-wny3-utyg-pqha
summary
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the HTML field. This could be used to steal sensitive information from the user's current session.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47058
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40273
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47058
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/344b908ef690283e7d8d3fc5cc1327396a1c3046
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/344b908ef690283e7d8d3fc5cc1327396a1c3046
3
reference_url https://github.com/mautic/mautic/commit/88153a15b3cea331b7036d956b880c69e81a0032
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/88153a15b3cea331b7036d956b880c69e81a0032
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47058
reference_id CVE-2024-47058
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47058
5
reference_url https://github.com/advisories/GHSA-xv68-rrmw-9xwf
reference_id GHSA-xv68-rrmw-9xwf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv68-rrmw-9xwf
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf
reference_id GHSA-xv68-rrmw-9xwf
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:03Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf
fixed_packages
0
url pkg:composer/mautic/core@4.4.13
purl pkg:composer/mautic/core@4.4.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3q5j-jj2b-t7de
1
vulnerability VCID-6yv4-1yes-hkfs
2
vulnerability VCID-9upf-7u9p-hkaa
3
vulnerability VCID-a3qv-sg57-gfd4
4
vulnerability VCID-ckj2-3ujt-fbhz
5
vulnerability VCID-f8d8-kqpm-ekhc
6
vulnerability VCID-fa5a-r46u-nbfm
7
vulnerability VCID-g21m-aehf-wkfw
8
vulnerability VCID-hj6u-3g1s-97bm
9
vulnerability VCID-jxs8-apn6-dbfd
10
vulnerability VCID-qz5x-pz9p-93eu
11
vulnerability VCID-s7r1-3b25-bbe6
12
vulnerability VCID-swy6-81uq-4kcs
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13
1
url pkg:composer/mautic/core@5.1.1
purl pkg:composer/mautic/core@5.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3q5j-jj2b-t7de
1
vulnerability VCID-6yv4-1yes-hkfs
2
vulnerability VCID-9upf-7u9p-hkaa
3
vulnerability VCID-a3qv-sg57-gfd4
4
vulnerability VCID-ckj2-3ujt-fbhz
5
vulnerability VCID-f8d8-kqpm-ekhc
6
vulnerability VCID-fa5a-r46u-nbfm
7
vulnerability VCID-g21m-aehf-wkfw
8
vulnerability VCID-hj6u-3g1s-97bm
9
vulnerability VCID-jxs8-apn6-dbfd
10
vulnerability VCID-qz5x-pz9p-93eu
11
vulnerability VCID-s7r1-3b25-bbe6
12
vulnerability VCID-swy6-81uq-4kcs
13
vulnerability VCID-xsmg-dqq4-kqgf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1
aliases CVE-2024-47058, GHSA-xv68-rrmw-9xwf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wny3-utyg-pqha
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.11.0