Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/54792?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/54792?format=api", "purl": "pkg:composer/mautic/core@2.11.0", "type": "composer", "namespace": "mautic", "name": "core", "version": "2.11.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.2.10", "latest_non_vulnerable_version": "7.0.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55860?format=api", "vulnerability_id": "VCID-19zs-w8hs-abdm", "summary": "Mautic vulnerable to Improper Access Control in UI upgrade process\nThe logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.59149", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.59101", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25768" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/89f964d06f00688016b38a56dfd9e95fc676c7ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/89f964d06f00688016b38a56dfd9e95fc676c7ce" }, { "reference_url": "https://github.com/mautic/mautic/commit/925aeee7d3dbb6ca67f92d9dc5893d99250f739b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/925aeee7d3dbb6ca67f92d9dc5893d99250f739b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25768", "reference_id": "CVE-2022-25768", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25768" }, { "reference_url": "https://github.com/advisories/GHSA-x3jx-5w6m-q2fc", "reference_id": "GHSA-x3jx-5w6m-q2fc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x3jx-5w6m-q2fc" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc", "reference_id": "GHSA-x3jx-5w6m-q2fc", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:37Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82702?format=api", "purl": "pkg:composer/mautic/core@4.4.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/82703?format=api", "purl": "pkg:composer/mautic/core@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1" } ], "aliases": [ "CVE-2022-25768", "GHSA-x3jx-5w6m-q2fc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-19zs-w8hs-abdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41385?format=api", "vulnerability_id": "VCID-1hew-3rb7-tkg8", "summary": "Cross-site Scripting\nThere is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter `bundle` in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27909", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18658", "scoring_system": "epss", "scoring_elements": "0.95403", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.18658", "scoring_system": "epss", "scoring_elements": "0.95395", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27909" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27909.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27909.yaml" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/942cb6992df619fdf1c181bfad9e25d5d4178b6f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/942cb6992df619fdf1c181bfad9e25d5d4178b6f" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27909", "reference_id": "CVE-2021-27909", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27909" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58816?format=api", "purl": "pkg:composer/mautic/core@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/58815?format=api", "purl": "pkg:composer/mautic/core@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0" } ], "aliases": [ "CVE-2021-27909", "GHSA-32hw-3pvh-vcvc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1hew-3rb7-tkg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53958?format=api", "vulnerability_id": "VCID-1unf-fcpb-t7gr", "summary": "Cross-site Scripting\nMautic is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35129", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70358", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70316", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35129" }, { "reference_url": "https://forum.mautic.org/c/announcements/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.mautic.org/c/announcements/16" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35129", "reference_id": "CVE-2020-35129", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35129" }, { "reference_url": "https://github.com/advisories/GHSA-3px5-wjh3-9x6r", "reference_id": "GHSA-3px5-wjh3-9x6r", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3px5-wjh3-9x6r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79564?format=api", "purl": "pkg:composer/mautic/core@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4" } ], "aliases": [ "CVE-2020-35129", "GHSA-3px5-wjh3-9x6r" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1unf-fcpb-t7gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55869?format=api", "vulnerability_id": "VCID-1x5b-am33-mkh4", "summary": "Mautic has insufficient authentication in upgrade flow\nMautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53243", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53181", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25770" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca" }, { "reference_url": "https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25770", "reference_id": "CVE-2022-25770", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25770" }, { "reference_url": "https://github.com/advisories/GHSA-qf6m-6m4g-rmrc", "reference_id": "GHSA-qf6m-6m4g-rmrc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qf6m-6m4g-rmrc" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc", "reference_id": "GHSA-qf6m-6m4g-rmrc", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:47:02Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82702?format=api", "purl": "pkg:composer/mautic/core@4.4.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/82703?format=api", "purl": "pkg:composer/mautic/core@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1" } ], "aliases": [ "CVE-2022-25770", "GHSA-qf6m-6m4g-rmrc" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1x5b-am33-mkh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39581?format=api", "vulnerability_id": "VCID-2bf9-tpw5-6ybc", "summary": "Injection Vulnerability\nMautic allows CSV injection.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8092", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65796", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00486", "scoring_system": "epss", "scoring_elements": "0.65743", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8092" }, { "reference_url": "https://github.com/mautic/mautic/commit/cbc49f0ac4cc7e3acc07f2a85c079b2f85225a6b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/cbc49f0ac4cc7e3acc07f2a85c079b2f85225a6b" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/2.13.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/2.13.0" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-29v9-2fpx-j5g9", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-29v9-2fpx-j5g9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8092", "reference_id": "CVE-2018-8092", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8092" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55381?format=api", "purl": "pkg:composer/mautic/core@2.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0" } ], "aliases": [ "CVE-2018-8092", "GHSA-29v9-2fpx-j5g9" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bf9-tpw5-6ybc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55858?format=api", "vulnerability_id": "VCID-2e51-qg2k-vqhd", "summary": "Mautic vulnerable to XSS in contact/company tracking (no authentication)\nPrior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47050", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01135", "scoring_system": "epss", "scoring_elements": "0.78733", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47050" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/0f21a3aa9c896788e1986fae0d7f166fc7a14c30", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/0f21a3aa9c896788e1986fae0d7f166fc7a14c30" }, { "reference_url": "https://github.com/mautic/mautic/commit/43db5e492c0ef82c917745849d5b454dbc8ca2c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/43db5e492c0ef82c917745849d5b454dbc8ca2c4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47050", "reference_id": "CVE-2024-47050", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47050" }, { "reference_url": "https://github.com/advisories/GHSA-73gr-32wg-qhh7", "reference_id": "GHSA-73gr-32wg-qhh7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-73gr-32wg-qhh7" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7", "reference_id": "GHSA-73gr-32wg-qhh7", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:41:10Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82702?format=api", "purl": "pkg:composer/mautic/core@4.4.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/82703?format=api", "purl": "pkg:composer/mautic/core@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1" } ], "aliases": [ "CVE-2024-47050", "GHSA-73gr-32wg-qhh7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2e51-qg2k-vqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110926?format=api", "vulnerability_id": "VCID-3agv-evyh-k3hk", "summary": "Cross-site Scripting vulnerability in Mautic's tracking pixel functionality\n### Impact\n\nMautic allows you to track open rates by using tracking pixels. \nThe tracking information is stored together with extra metadata of the tracking request.\n\nThe output isn't sufficiently filtered when showing the metadata of the tracking information, which may lead to a vulnerable situation.\n\n### Patches\n\nPlease upgrade to 4.3.0\n\n### Workarounds\nNone.\n\n### References\n* Internally tracked under MST-38\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [security@mautic.org](mailto:security@mautic.org)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02993", "scoring_system": "epss", "scoring_elements": "0.86808", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02993", "scoring_system": "epss", "scoring_elements": "0.86831", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25772" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/462eb596027fd949efbf9ac5cb2b376805e9d246", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/462eb596027fd949efbf9ac5cb2b376805e9d246" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25772", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25772" }, { "reference_url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html" }, { "reference_url": "https://github.com/advisories/GHSA-pjpc-87mp-4332", "reference_id": "GHSA-pjpc-87mp-4332", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pjpc-87mp-4332" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150225?format=api", "purl": "pkg:composer/mautic/core@4.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.3.0" } ], "aliases": [ "CVE-2022-25772", "GHSA-pjpc-87mp-4332", "GMS-2022-1448" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3agv-evyh-k3hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55859?format=api", "vulnerability_id": "VCID-3q5j-jj2b-t7de", "summary": "Mautic has insufficient authentication in upgrade flow\nMautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78462", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47051" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca" }, { "reference_url": "https://github.com/mautic/mautic/commit/75bc488ce98b9c8ec01114984049fc1c42c0cae5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/75bc488ce98b9c8ec01114984049fc1c42c0cae5" }, { "reference_url": "https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf" }, { "reference_url": "https://owasp.org/www-community/attacks/Code_Injection", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/" } ], "url": "https://owasp.org/www-community/attacks/Code_Injection" }, { "reference_url": "https://owasp.org/www-community/attacks/Path_Traversal", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/" } ], "url": "https://owasp.org/www-community/attacks/Path_Traversal" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47051", "reference_id": "CVE-2024-47051", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47051" }, { "reference_url": "https://github.com/advisories/GHSA-73gx-x7r9-77x2", "reference_id": "GHSA-73gx-x7r9-77x2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-73gx-x7r9-77x2" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2", "reference_id": "GHSA-73gx-x7r9-77x2", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2" }, { "reference_url": "https://github.com/advisories/GHSA-qf6m-6m4g-rmrc", "reference_id": "GHSA-qf6m-6m4g-rmrc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qf6m-6m4g-rmrc" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc", "reference_id": "GHSA-qf6m-6m4g-rmrc", "reference_type": "", "scores": [], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84187?format=api", "purl": "pkg:composer/mautic/core@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3" } ], "aliases": [ "CVE-2024-47051", "GHSA-73gx-x7r9-77x2" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3q5j-jj2b-t7de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39387?format=api", "vulnerability_id": "VCID-4kqw-y2ds-eue2", "summary": "Cross-site Scripting\nMautic contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000506", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60946", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00398", "scoring_system": "epss", "scoring_elements": "0.60898", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000506" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/issues/5222", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/issues/5222" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000506", "reference_id": "CVE-2017-1000506", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000506" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215080?format=api", "purl": "pkg:composer/mautic/core@2.12.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2bf9-tpw5-6ybc" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-7nmh-nhm6-abhr" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-hwrr-6qe1-77gn" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/54793?format=api", "purl": "pkg:composer/mautic/core@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2bf9-tpw5-6ybc" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-7nmh-nhm6-abhr" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-hwrr-6qe1-77gn" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/155627?format=api", "purl": "pkg:composer/mautic/core@2.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.14.2" } ], "aliases": [ "CVE-2017-1000506", "GHSA-358v-cqjc-2pcq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4kqw-y2ds-eue2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39246?format=api", "vulnerability_id": "VCID-4yn2-rg69-hqcs", "summary": "Path Traversal\nAny authorized Mautic user could use the Filemanager to download any file from the server that the web user has access to.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57213", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57265", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000490" }, { "reference_url": "https://github.com/mautic/mautic/commit/3b01786433ae15e9a23f1eb9b0d3dfdb065b6241", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/3b01786433ae15e9a23f1eb9b0d3dfdb065b6241" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/2.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/2.12.0" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-qpgw-2c72-4c89", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-qpgw-2c72-4c89" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000490", "reference_id": "CVE-2017-1000490", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000490" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215080?format=api", "purl": "pkg:composer/mautic/core@2.12.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2bf9-tpw5-6ybc" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-7nmh-nhm6-abhr" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-hwrr-6qe1-77gn" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/54793?format=api", "purl": "pkg:composer/mautic/core@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2bf9-tpw5-6ybc" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-7nmh-nhm6-abhr" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-hwrr-6qe1-77gn" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0" } ], "aliases": [ "CVE-2017-1000490", "GHSA-qpgw-2c72-4c89" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yn2-rg69-hqcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47473?format=api", "vulnerability_id": "VCID-5dp5-sahm-affj", "summary": "Mautic: MST-48 Server-Side Request Forgery in Asset section\nPrior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40514", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40434", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25777" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/b4b4ab5f0613854152ceb7b5e5228acf50648fd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/b4b4ab5f0613854152ceb7b5e5228acf50648fd0" }, { "reference_url": "https://github.com/mautic/mautic/commit/c54befd9eaaa49e4fc10a0fe22435c09ef2821b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/c54befd9eaaa49e4fc10a0fe22435c09ef2821b2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25777", "reference_id": "CVE-2022-25777", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25777" }, { "reference_url": "https://github.com/advisories/GHSA-mgv8-w49f-822w", "reference_id": "GHSA-mgv8-w49f-822w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mgv8-w49f-822w" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w", "reference_id": "GHSA-mgv8-w49f-822w", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T17:16:39Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69757?format=api", "purl": "pkg:composer/mautic/core@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/69774?format=api", "purl": "pkg:composer/mautic/core@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-wny3-utyg-pqha" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4" } ], "aliases": [ "CVE-2022-25777", "GHSA-mgv8-w49f-822w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dp5-sahm-affj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39571?format=api", "vulnerability_id": "VCID-7nmh-nhm6-abhr", "summary": "Information Exposure\nAn issue was discovered in Mautic It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53602", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.003", "scoring_system": "epss", "scoring_elements": "0.53661", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10189" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/2.13.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/2.13.0" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-vfxj-qg93-7wwc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-vfxj-qg93-7wwc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10189", "reference_id": "CVE-2018-10189", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10189" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55381?format=api", "purl": "pkg:composer/mautic/core@2.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0" } ], "aliases": [ "CVE-2018-10189", "GHSA-vfxj-qg93-7wwc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7nmh-nhm6-abhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39247?format=api", "vulnerability_id": "VCID-8uef-cxb8-sfcu", "summary": "Cross-site Scripting\nMautic is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000488", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47497", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47432", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000488" }, { "reference_url": "https://github.com/mautic/mautic/commit/bda60c0eefbd19c759589e975e63ab1d201c1b8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/bda60c0eefbd19c759589e975e63ab1d201c1b8e" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/2.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/2.12.0" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-qjhr-c23f-w76q", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-qjhr-c23f-w76q" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000488", "reference_id": "CVE-2017-1000488", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000488" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215080?format=api", "purl": "pkg:composer/mautic/core@2.12.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2bf9-tpw5-6ybc" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-7nmh-nhm6-abhr" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-hwrr-6qe1-77gn" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/54793?format=api", "purl": "pkg:composer/mautic/core@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2bf9-tpw5-6ybc" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-7nmh-nhm6-abhr" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-hwrr-6qe1-77gn" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0" } ], "aliases": [ "CVE-2017-1000488", "GHSA-qjhr-c23f-w76q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8uef-cxb8-sfcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47464?format=api", "vulnerability_id": "VCID-9kw2-q4ek-jugf", "summary": "Mautic vulnerable to stored cross-site scripting in description field\nPrior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\n\nThis could lead to the user having elevated access to the system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41069", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.40993", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27915" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/2d648394e183b1d2d910cea32e89d40a5915b5d4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/2d648394e183b1d2d910cea32e89d40a5915b5d4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27915", "reference_id": "CVE-2021-27915", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27915" }, { "reference_url": "https://github.com/advisories/GHSA-2rc5-2755-v422", "reference_id": "GHSA-2rc5-2755-v422", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2rc5-2755-v422" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422", "reference_id": "GHSA-2rc5-2755-v422", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T15:59:08Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69757?format=api", "purl": "pkg:composer/mautic/core@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/69773?format=api", "purl": "pkg:composer/mautic/core@5.0.0-alpha", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.0-alpha" } ], "aliases": [ "CVE-2021-27915", "GHSA-2rc5-2755-v422" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9kw2-q4ek-jugf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41378?format=api", "vulnerability_id": "VCID-9t6r-g255-zbdq", "summary": "Cross-site Scripting\nMautic is vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.72176", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0069", "scoring_system": "epss", "scoring_elements": "0.72217", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27912" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27912.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27912.yaml" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27912", "reference_id": "CVE-2021-27912", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27912" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58816?format=api", "purl": "pkg:composer/mautic/core@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/58817?format=api", "purl": "pkg:composer/mautic/core@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58815?format=api", "purl": "pkg:composer/mautic/core@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0" } ], "aliases": [ "CVE-2021-27912", "GHSA-rh5w-82wh-jhr8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9t6r-g255-zbdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54001?format=api", "vulnerability_id": "VCID-9tjy-3czw-37as", "summary": "Cross-site Scripting\nA cross-site scripting (XSS) vulnerability in the assets component of Mautic allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35124", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01142", "scoring_system": "epss", "scoring_elements": "0.7877", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01142", "scoring_system": "epss", "scoring_elements": "0.78796", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35124" }, { "reference_url": "https://forum.mautic.org/c/announcements/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.mautic.org/c/announcements/16" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35124.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35124.yaml" }, { "reference_url": "https://github.com/mautic/mautic/commit/20c5dc39b62164f6922ce53ea42cbb4ccec64e57", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/20c5dc39b62164f6922ce53ea42cbb4ccec64e57" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m" }, { "reference_url": "https://packagist.org/packages/mautic/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/mautic/core" }, { "reference_url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce" }, { "reference_url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35124", "reference_id": "CVE-2020-35124", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35124" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79578?format=api", "purl": "pkg:composer/mautic/core@2.16.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/79564?format=api", "purl": "pkg:composer/mautic/core@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4" } ], "aliases": [ "CVE-2020-35124", "GHSA-39wj-j3jc-858m" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9tjy-3czw-37as" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56716?format=api", "vulnerability_id": "VCID-9upf-7u9p-hkaa", "summary": "Mautic allows Relative Path Traversal in assets file upload\nThis advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.\n\n* **Improper Limitation of a Pathname to a Restricted Directory:** A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34878", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34782", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25773" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/e6aaad99f399c5df1ce6273609920098e5c2564a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/e6aaad99f399c5df1ce6273609920098e5c2564a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25773", "reference_id": "CVE-2022-25773", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25773" }, { "reference_url": "https://github.com/advisories/GHSA-4w2w-36vm-c8hf", "reference_id": "GHSA-4w2w-36vm-c8hf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4w2w-36vm-c8hf" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf", "reference_id": "GHSA-4w2w-36vm-c8hf", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:54:09Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84187?format=api", "purl": "pkg:composer/mautic/core@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3" } ], "aliases": [ "CVE-2022-25773", "GHSA-4w2w-36vm-c8hf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9upf-7u9p-hkaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47479?format=api", "vulnerability_id": "VCID-bdse-4ypf-abe3", "summary": "Mautic Sensitive Data Exposure due to inadequate user permission settings\nPrior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\n\nUsers could potentially access sensitive data such as names and surnames, company names and stage names.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18363", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18286", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25776" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/22bdd0796ca6e1e985708b89ad5c07147630fecd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/22bdd0796ca6e1e985708b89ad5c07147630fecd" }, { "reference_url": "https://github.com/mautic/mautic/commit/2cc4af975fe01c264d439acc1451c936e7114644", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/2cc4af975fe01c264d439acc1451c936e7114644" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25776", "reference_id": "CVE-2022-25776", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25776" }, { "reference_url": "https://github.com/advisories/GHSA-qjx3-2g35-6hv8", "reference_id": "GHSA-qjx3-2g35-6hv8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjx3-2g35-6hv8" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8", "reference_id": "GHSA-qjx3-2g35-6hv8", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T15:58:56Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69757?format=api", "purl": "pkg:composer/mautic/core@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/69774?format=api", "purl": "pkg:composer/mautic/core@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-wny3-utyg-pqha" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4" } ], "aliases": [ "CVE-2022-25776", "GHSA-qjx3-2g35-6hv8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bdse-4ypf-abe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56719?format=api", "vulnerability_id": "VCID-ckj2-3ujt-fbhz", "summary": "Mautic allows Improper Authorization in Reporting API\nThis advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.\n\n* **Improper Authorization:** An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the \"Reporting Permissions > View Own\" and \"Reporting Permissions > View Others\" permissions, which should restrict access to non-System Reports.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39631", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47053" }, { "reference_url": "https://cwe.mitre.org/data/definitions/287.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/" } ], "url": "https://cwe.mitre.org/data/definitions/287.html" }, { "reference_url": "https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/" } ], "url": "https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/9d7ee57c92502ef77cddb091011c5ffef14b11ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/9d7ee57c92502ef77cddb091011c5ffef14b11ee" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47053", "reference_id": "CVE-2024-47053", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47053" }, { "reference_url": "https://github.com/advisories/GHSA-8xv7-g2q3-fqgc", "reference_id": "GHSA-8xv7-g2q3-fqgc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8xv7-g2q3-fqgc" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc", "reference_id": "GHSA-8xv7-g2q3-fqgc", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84187?format=api", "purl": "pkg:composer/mautic/core@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3" } ], "aliases": [ "CVE-2024-47053", "GHSA-8xv7-g2q3-fqgc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ckj2-3ujt-fbhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54046?format=api", "vulnerability_id": "VCID-dh9y-k8zb-zkew", "summary": "Cross-site Scripting\nA cross-site scripting (XSS) vulnerability in the forms component of Mautic allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35125", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01246", "scoring_system": "epss", "scoring_elements": "0.79631", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01246", "scoring_system": "epss", "scoring_elements": "0.79658", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35125" }, { "reference_url": "https://forum.mautic.org/c/announcements/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.mautic.org/c/announcements/16" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35125.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35125.yaml" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m" }, { "reference_url": "https://packagist.org/packages/mautic/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/mautic/core" }, { "reference_url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce" }, { "reference_url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35125", "reference_id": "CVE-2020-35125", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35125" }, { "reference_url": "https://github.com/advisories/GHSA-42q7-95j7-w62m", "reference_id": "GHSA-42q7-95j7-w62m", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-42q7-95j7-w62m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79578?format=api", "purl": "pkg:composer/mautic/core@2.16.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/79564?format=api", "purl": "pkg:composer/mautic/core@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4" } ], "aliases": [ "CVE-2020-35125", "GHSA-42q7-95j7-w62m" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dh9y-k8zb-zkew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55863?format=api", "vulnerability_id": "VCID-e29q-5hg5-cfdq", "summary": "Mautic has an XSS in contact tracking and page hits report\nPrior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.6402", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63978", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27917" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98" }, { "reference_url": "https://github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27917", "reference_id": "CVE-2021-27917", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27917" }, { "reference_url": "https://github.com/advisories/GHSA-xpc5-rr39-v8v2", "reference_id": "GHSA-xpc5-rr39-v8v2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xpc5-rr39-v8v2" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2", "reference_id": "GHSA-xpc5-rr39-v8v2", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:40:34Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82702?format=api", "purl": "pkg:composer/mautic/core@4.4.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/82703?format=api", "purl": "pkg:composer/mautic/core@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1" } ], "aliases": [ "CVE-2021-27917", "GHSA-xpc5-rr39-v8v2" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e29q-5hg5-cfdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57361?format=api", "vulnerability_id": "VCID-g21m-aehf-wkfw", "summary": "Mautic allows user name enumeration due to response time difference on password reset form\nThis advisory addresses a security vulnerability in Mautic related to the \"Forget your password\" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.\n\nUser Enumeration via Timing Attack: A user enumeration vulnerability exists in the \"Forget your password\" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47683", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47057" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47057", "reference_id": "CVE-2024-47057", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47057" }, { "reference_url": "https://github.com/advisories/GHSA-424x-cxvh-wq9p", "reference_id": "GHSA-424x-cxvh-wq9p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-424x-cxvh-wq9p" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p", "reference_id": "GHSA-424x-cxvh-wq9p", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:58:43Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85233?format=api", "purl": "pkg:composer/mautic/core@4.4.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/85234?format=api", "purl": "pkg:composer/mautic/core@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/85235?format=api", "purl": "pkg:composer/mautic/core@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.2" } ], "aliases": [ "CVE-2024-47057", "GHSA-424x-cxvh-wq9p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g21m-aehf-wkfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54227?format=api", "vulnerability_id": "VCID-ghuh-z1uh-mbf5", "summary": "Incorrect Permission Assignment for Critical Resource\nSecret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28726", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00109", "scoring_system": "epss", "scoring_elements": "0.28799", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27908" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27908.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27908.yaml" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27908", "reference_id": "CVE-2021-27908", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27908" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80043?format=api", "purl": "pkg:composer/mautic/core@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.2" } ], "aliases": [ "CVE-2021-27908", "GHSA-4hjq-422q-4vpx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ghuh-z1uh-mbf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41383?format=api", "vulnerability_id": "VCID-gnga-y8vw-1kgm", "summary": "Cross-site Scripting\nMautic is vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57888", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00352", "scoring_system": "epss", "scoring_elements": "0.57941", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27911" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27911.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27911.yaml" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27911", "reference_id": "CVE-2021-27911", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27911" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58816?format=api", "purl": "pkg:composer/mautic/core@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/58815?format=api", "purl": "pkg:composer/mautic/core@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0" } ], "aliases": [ "CVE-2021-27911", "GHSA-72hm-fx78-xwhc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gnga-y8vw-1kgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39580?format=api", "vulnerability_id": "VCID-hwrr-6qe1-77gn", "summary": "Cross-site Scripting\nMautic before v2.13.0 has stored XSS via a theme config file.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8071", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47432", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47497", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8071" }, { "reference_url": "https://github.com/mautic/mautic/commit/3add236e9cc00ea9b211b52cccc4660379b2ee8b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/3add236e9cc00ea9b211b52cccc4660379b2ee8b" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/2.13.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/2.13.0" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-5w74-jx7m-x6hv", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-5w74-jx7m-x6hv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8071", "reference_id": "CVE-2018-8071", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8071" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55381?format=api", "purl": "pkg:composer/mautic/core@2.13.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0" } ], "aliases": [ "CVE-2018-8071", "GHSA-5w74-jx7m-x6hv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwrr-6qe1-77gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54008?format=api", "vulnerability_id": "VCID-j624-5zx3-c7c8", "summary": "XSS in Mautic\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-3142.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-3142.yaml" }, { "reference_url": "https://github.com/mautic/mautic/commit/ba31db23e664f889da55a29ff27f797e2ab5cb1b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/ba31db23e664f889da55a29ff27f797e2ab5cb1b" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/3.2.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/3.2.4" }, { "reference_url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-3", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-3" }, { "reference_url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3142", "reference_id": "CVE-2021-3142", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3142" }, { "reference_url": "https://github.com/advisories/GHSA-p7v4-gm6j-cw9m", "reference_id": "GHSA-p7v4-gm6j-cw9m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p7v4-gm6j-cw9m" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-p7v4-gm6j-cw9m", "reference_id": "GHSA-p7v4-gm6j-cw9m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-p7v4-gm6j-cw9m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79578?format=api", "purl": "pkg:composer/mautic/core@2.16.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/79564?format=api", "purl": "pkg:composer/mautic/core@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4" } ], "aliases": [ "CVE-2021-3142", "GHSA-p7v4-gm6j-cw9m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j624-5zx3-c7c8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57352?format=api", "vulnerability_id": "VCID-jxs8-apn6-dbfd", "summary": "Mautic has an Open Redirect vulnerability on user unlock path.\nThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits.\n\nOpen Redirection via `returnUrl` Parameter: An Open Redirection vulnerability exists in the `/s/action/unlock/user.user/0` endpoint. The `returnUrl` parameter, intended for post-action redirection, is not properly validated. This allows an attacker to craft a URL that, when clicked by a user, redirects them to an arbitrary external website controlled by the attacker.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40322", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5256" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5256", "reference_id": "CVE-2025-5256", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5256" }, { "reference_url": "https://github.com/advisories/GHSA-6vx9-9r2g-8373", "reference_id": "GHSA-6vx9-9r2g-8373", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6vx9-9r2g-8373" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373", "reference_id": "GHSA-6vx9-9r2g-8373", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T17:57:26Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85233?format=api", "purl": "pkg:composer/mautic/core@4.4.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/85234?format=api", "purl": "pkg:composer/mautic/core@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/85235?format=api", "purl": "pkg:composer/mautic/core@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.2" } ], "aliases": [ "CVE-2025-5256", "GHSA-6vx9-9r2g-8373" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jxs8-apn6-dbfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39248?format=api", "vulnerability_id": "VCID-k2tn-w8n6-8ba1", "summary": "Improper Authentication\nMautic allows a disabled user to still login using email address.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000489", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.50821", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00271", "scoring_system": "epss", "scoring_elements": "0.5076", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-1000489" }, { "reference_url": "https://github.com/mautic/mautic/commit/fd933cbef795b04cabdc50527cb18e037488fef9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/fd933cbef795b04cabdc50527cb18e037488fef9" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/2.12.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/2.12.0" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-6x98-fx9j-7c78", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-6x98-fx9j-7c78" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000489", "reference_id": "CVE-2017-1000489", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/215080?format=api", "purl": "pkg:composer/mautic/core@2.12.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2bf9-tpw5-6ybc" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-7nmh-nhm6-abhr" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-hwrr-6qe1-77gn" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/54793?format=api", "purl": "pkg:composer/mautic/core@2.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2bf9-tpw5-6ybc" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-7nmh-nhm6-abhr" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-dh9y-k8zb-zkew" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-hwrr-6qe1-77gn" }, { "vulnerability": "VCID-j624-5zx3-c7c8" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-p9jy-6mbb-ukad" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0" } ], "aliases": [ "CVE-2017-1000489", "GHSA-6x98-fx9j-7c78" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2tn-w8n6-8ba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41374?format=api", "vulnerability_id": "VCID-mbfx-4u6j-ybfp", "summary": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)\nThe function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic ;", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25345", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25249", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27913" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27913.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27913.yaml" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/d1cad766a2de74e6c6b89d6d78c2a5f2e36ba91c", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/d1cad766a2de74e6c6b89d6d78c2a5f2e36ba91c" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27913", "reference_id": "CVE-2021-27913", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27913" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58816?format=api", "purl": "pkg:composer/mautic/core@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/58817?format=api", "purl": "pkg:composer/mautic/core@4.0.0-alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0-alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/58815?format=api", "purl": "pkg:composer/mautic/core@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0" } ], "aliases": [ "CVE-2021-27913", "GHSA-x7g2-wrrp-r6h3" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbfx-4u6j-ybfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47474?format=api", "vulnerability_id": "VCID-n3p3-jsyf-wuf5", "summary": "Mautic vulnerable to cross-site scripting in notifications via saving Dashboards\nPrior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.\n\nUsers could inject malicious code into the notification when saving Dashboards.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17477", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17555", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25774" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/e6d58de241b8c34126042dcb314d60eb5fc7b151", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/e6d58de241b8c34126042dcb314d60eb5fc7b151" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25774", "reference_id": "CVE-2022-25774", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25774" }, { "reference_url": "https://github.com/advisories/GHSA-fhcx-f7jg-jx3f", "reference_id": "GHSA-fhcx-f7jg-jx3f", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fhcx-f7jg-jx3f" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f", "reference_id": "GHSA-fhcx-f7jg-jx3f", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T17:55:13Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69757?format=api", "purl": "pkg:composer/mautic/core@4.4.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12" } ], "aliases": [ "CVE-2022-25774", "GHSA-fhcx-f7jg-jx3f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n3p3-jsyf-wuf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53965?format=api", "vulnerability_id": "VCID-p9jy-6mbb-ukad", "summary": "Cross-site Scripting\nMautic is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71297", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35128" }, { "reference_url": "https://forum.mautic.org/c/announcements/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.mautic.org/c/announcements/16" }, { "reference_url": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://labs.bishopfox.com/advisories/mautic-version-3.2.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35128", "reference_id": "CVE-2020-35128", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35128" }, { "reference_url": "https://github.com/advisories/GHSA-98j2-3jv7-274m", "reference_id": "GHSA-98j2-3jv7-274m", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98j2-3jv7-274m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79578?format=api", "purl": "pkg:composer/mautic/core@2.16.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1unf-fcpb-t7gr" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9tjy-3czw-37as" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/79564?format=api", "purl": "pkg:composer/mautic/core@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1hew-3rb7-tkg8" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-ghuh-z1uh-mbf5" }, { "vulnerability": "VCID-gnga-y8vw-1kgm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-trhp-bjp1-57ey" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4" } ], "aliases": [ "CVE-2020-35128", "GHSA-98j2-3jv7-274m" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9jy-6mbb-ukad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/241228?format=api", "vulnerability_id": "VCID-puaz-79mc-4bc6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27914", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61365", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00405", "scoring_system": "epss", "scoring_elements": "0.61413", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27914" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27914", "reference_id": "CVE-2021-27914", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27914" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3", "reference_id": "GHSA-jrwm-pr9x-cgq3", "reference_type": "", "scores": [], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/150225?format=api", "purl": "pkg:composer/mautic/core@4.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.3.0" } ], "aliases": [ "CVE-2021-27914", "GHSA-jrwm-pr9x-cgq3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-puaz-79mc-4bc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42547?format=api", "vulnerability_id": "VCID-qhxy-1kmh-wyh2", "summary": "Improper regex in htaccess file\nThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30353", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30428", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25769" }, { "reference_url": "https://github.com/advisories/GHSA-mj6m-246h-9w56", "reference_id": "GHSA-mj6m-246h-9w56", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mj6m-246h-9w56" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56", "reference_id": "GHSA-mj6m-246h-9w56", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T18:10:59Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56" }, { "reference_url": "https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic", "reference_id": "mautic-4-2-one-small-step-mautic", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T18:10:59Z/" } ], "url": "https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60825?format=api", "purl": "pkg:composer/mautic/core@3.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/60826?format=api", "purl": "pkg:composer/mautic/core@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.2.0" } ], "aliases": [ "CVE-2022-25769", "GHSA-mj6m-246h-9w56", "GMS-2022-182" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhxy-1kmh-wyh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55872?format=api", "vulnerability_id": "VCID-sd7d-573z-n7dk", "summary": "Duplicate Advisory: Mautic has insufficient authentication in upgrade flow\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-qf6m-6m4g-rmrc. This link is maintained to preserve external references.\n\n# Original Description\nMautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.", "references": [ { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25770", "reference_id": "CVE-2022-25770", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25770" }, { "reference_url": "https://github.com/advisories/GHSA-5hc5-fxr9-5frc", "reference_id": "GHSA-5hc5-fxr9-5frc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5hc5-fxr9-5frc" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc", "reference_id": "GHSA-qf6m-6m4g-rmrc", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "7.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82702?format=api", "purl": "pkg:composer/mautic/core@4.4.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/82703?format=api", "purl": "pkg:composer/mautic/core@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1" } ], "aliases": [ "GHSA-5hc5-fxr9-5frc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sd7d-573z-n7dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50398?format=api", "vulnerability_id": "VCID-swy6-81uq-4kcs", "summary": "Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting\nThis advisory addresses a SQL Injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15977", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3105" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/5.2.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/5.2.10" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/6.0.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/6.0.8" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/7.0.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/7.0.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3105", "reference_id": "CVE-2026-3105", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3105" }, { "reference_url": "https://github.com/advisories/GHSA-r5j5-q42h-fc93", "reference_id": "GHSA-r5j5-q42h-fc93", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r5j5-q42h-fc93" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93", "reference_id": "GHSA-r5j5-q42h-fc93", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:02:03Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74286?format=api", "purl": "pkg:composer/mautic/core@5.2.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/74287?format=api", "purl": "pkg:composer/mautic/core@6.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/74288?format=api", "purl": "pkg:composer/mautic/core@7.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@7.0.1" } ], "aliases": [ "CVE-2026-3105", "GHSA-r5j5-q42h-fc93" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swy6-81uq-4kcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41375?format=api", "vulnerability_id": "VCID-trhp-bjp1-57ey", "summary": "Cross-site Scripting\nInsufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the `error` and `error_related_to` parameters of the POST request (`POST /mailer/<product / webhook>/callback`). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63253", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00435", "scoring_system": "epss", "scoring_elements": "0.63209", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27910" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27910.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27910.yaml" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/e6a405975342f3cf86aa71927618d31d25135fa3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/e6a405975342f3cf86aa71927618d31d25135fa3" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27910", "reference_id": "CVE-2021-27910", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27910" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58816?format=api", "purl": "pkg:composer/mautic/core@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/58815?format=api", "purl": "pkg:composer/mautic/core@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3agv-evyh-k3hk" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-5dp5-sahm-affj" }, { "vulnerability": "VCID-8h2f-f8zx-wbfn" }, { "vulnerability": "VCID-9kw2-q4ek-jugf" }, { "vulnerability": "VCID-9t6r-g255-zbdq" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-bdse-4ypf-abe3" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-mbfx-4u6j-ybfp" }, { "vulnerability": "VCID-n3p3-jsyf-wuf5" }, { "vulnerability": "VCID-puaz-79mc-4bc6" }, { "vulnerability": "VCID-qhxy-1kmh-wyh2" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-whnz-qj59-vkgz" }, { "vulnerability": "VCID-wny3-utyg-pqha" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0" } ], "aliases": [ "CVE-2021-27910", "GHSA-86pv-95mj-7w5f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-trhp-bjp1-57ey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55864?format=api", "vulnerability_id": "VCID-wny3-utyg-pqha", "summary": "Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)\nWith access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40273", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47058" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/344b908ef690283e7d8d3fc5cc1327396a1c3046", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/344b908ef690283e7d8d3fc5cc1327396a1c3046" }, { "reference_url": "https://github.com/mautic/mautic/commit/88153a15b3cea331b7036d956b880c69e81a0032", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/88153a15b3cea331b7036d956b880c69e81a0032" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47058", "reference_id": "CVE-2024-47058", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47058" }, { "reference_url": "https://github.com/advisories/GHSA-xv68-rrmw-9xwf", "reference_id": "GHSA-xv68-rrmw-9xwf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv68-rrmw-9xwf" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf", "reference_id": "GHSA-xv68-rrmw-9xwf", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:03Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82702?format=api", "purl": "pkg:composer/mautic/core@4.4.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/82703?format=api", "purl": "pkg:composer/mautic/core@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1" } ], "aliases": [ "CVE-2024-47058", "GHSA-xv68-rrmw-9xwf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wny3-utyg-pqha" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.11.0" }