Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/730741?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/730741?format=api", "purl": "pkg:composer/mautic/core@5.0.0-beta2", "type": "composer", "namespace": "mautic", "name": "core", "version": "5.0.0-beta2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.2.10", "latest_non_vulnerable_version": "7.0.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55860?format=api", "vulnerability_id": "VCID-19zs-w8hs-abdm", "summary": "Mautic vulnerable to Improper Access Control in UI upgrade process\nThe logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.59149", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00369", "scoring_system": "epss", "scoring_elements": "0.59101", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25768" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/89f964d06f00688016b38a56dfd9e95fc676c7ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/89f964d06f00688016b38a56dfd9e95fc676c7ce" }, { "reference_url": "https://github.com/mautic/mautic/commit/925aeee7d3dbb6ca67f92d9dc5893d99250f739b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/925aeee7d3dbb6ca67f92d9dc5893d99250f739b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25768", "reference_id": "CVE-2022-25768", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25768" }, { "reference_url": "https://github.com/advisories/GHSA-x3jx-5w6m-q2fc", "reference_id": "GHSA-x3jx-5w6m-q2fc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x3jx-5w6m-q2fc" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc", "reference_id": "GHSA-x3jx-5w6m-q2fc", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "7.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:37Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82703?format=api", "purl": "pkg:composer/mautic/core@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1" } ], "aliases": [ "CVE-2022-25768", "GHSA-x3jx-5w6m-q2fc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-19zs-w8hs-abdm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55869?format=api", "vulnerability_id": "VCID-1x5b-am33-mkh4", "summary": "Mautic has insufficient authentication in upgrade flow\nMautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25770", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53243", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53181", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25770" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca" }, { "reference_url": "https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25770", "reference_id": "CVE-2022-25770", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25770" }, { "reference_url": "https://github.com/advisories/GHSA-qf6m-6m4g-rmrc", "reference_id": "GHSA-qf6m-6m4g-rmrc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qf6m-6m4g-rmrc" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc", "reference_id": "GHSA-qf6m-6m4g-rmrc", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:47:02Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82703?format=api", "purl": "pkg:composer/mautic/core@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1" } ], "aliases": [ "CVE-2022-25770", "GHSA-qf6m-6m4g-rmrc" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1x5b-am33-mkh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55858?format=api", "vulnerability_id": "VCID-2e51-qg2k-vqhd", "summary": "Mautic vulnerable to XSS in contact/company tracking (no authentication)\nPrior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47050", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01135", "scoring_system": "epss", "scoring_elements": "0.78733", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47050" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/0f21a3aa9c896788e1986fae0d7f166fc7a14c30", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/0f21a3aa9c896788e1986fae0d7f166fc7a14c30" }, { "reference_url": "https://github.com/mautic/mautic/commit/43db5e492c0ef82c917745849d5b454dbc8ca2c4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/43db5e492c0ef82c917745849d5b454dbc8ca2c4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47050", "reference_id": "CVE-2024-47050", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47050" }, { "reference_url": "https://github.com/advisories/GHSA-73gr-32wg-qhh7", "reference_id": "GHSA-73gr-32wg-qhh7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-73gr-32wg-qhh7" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7", "reference_id": "GHSA-73gr-32wg-qhh7", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:41:10Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82703?format=api", "purl": "pkg:composer/mautic/core@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1" } ], "aliases": [ "CVE-2024-47050", "GHSA-73gr-32wg-qhh7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2e51-qg2k-vqhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55859?format=api", "vulnerability_id": "VCID-3q5j-jj2b-t7de", "summary": "Mautic has insufficient authentication in upgrade flow\nMautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01106", "scoring_system": "epss", "scoring_elements": "0.78462", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47051" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca" }, { "reference_url": "https://github.com/mautic/mautic/commit/75bc488ce98b9c8ec01114984049fc1c42c0cae5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/75bc488ce98b9c8ec01114984049fc1c42c0cae5" }, { "reference_url": "https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf" }, { "reference_url": "https://owasp.org/www-community/attacks/Code_Injection", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/" } ], "url": "https://owasp.org/www-community/attacks/Code_Injection" }, { "reference_url": "https://owasp.org/www-community/attacks/Path_Traversal", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/" } ], "url": "https://owasp.org/www-community/attacks/Path_Traversal" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47051", "reference_id": "CVE-2024-47051", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47051" }, { "reference_url": "https://github.com/advisories/GHSA-73gx-x7r9-77x2", "reference_id": "GHSA-73gx-x7r9-77x2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-73gx-x7r9-77x2" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2", "reference_id": "GHSA-73gx-x7r9-77x2", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2" }, { "reference_url": "https://github.com/advisories/GHSA-qf6m-6m4g-rmrc", "reference_id": "GHSA-qf6m-6m4g-rmrc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qf6m-6m4g-rmrc" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc", "reference_id": "GHSA-qf6m-6m4g-rmrc", "reference_type": "", "scores": [], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84187?format=api", "purl": "pkg:composer/mautic/core@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3" } ], "aliases": [ "CVE-2024-47051", "GHSA-73gx-x7r9-77x2" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3q5j-jj2b-t7de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47473?format=api", "vulnerability_id": "VCID-5dp5-sahm-affj", "summary": "Mautic: MST-48 Server-Side Request Forgery in Asset section\nPrior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40514", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40434", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25777" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/b4b4ab5f0613854152ceb7b5e5228acf50648fd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/b4b4ab5f0613854152ceb7b5e5228acf50648fd0" }, { "reference_url": "https://github.com/mautic/mautic/commit/c54befd9eaaa49e4fc10a0fe22435c09ef2821b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/c54befd9eaaa49e4fc10a0fe22435c09ef2821b2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25777", "reference_id": "CVE-2022-25777", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25777" }, { "reference_url": "https://github.com/advisories/GHSA-mgv8-w49f-822w", "reference_id": "GHSA-mgv8-w49f-822w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mgv8-w49f-822w" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w", "reference_id": "GHSA-mgv8-w49f-822w", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T17:16:39Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69774?format=api", "purl": "pkg:composer/mautic/core@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-wny3-utyg-pqha" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4" } ], "aliases": [ "CVE-2022-25777", "GHSA-mgv8-w49f-822w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5dp5-sahm-affj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57354?format=api", "vulnerability_id": "VCID-6yv4-1yes-hkfs", "summary": "Mautic does not shield .env files from web traffic\nThis advisory addresses a security vulnerability in Mautic where sensitive `.env` configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations.\n\nSensitive Information Disclosure via `.env` File Exposure: The `.env` file, which typically contains environment variables and sensitive application configurations, is directly accessible via a web browser due to missing web server configurations that restrict access to such files. This allows an unauthenticated attacker to view the contents of this file by simply navigating to its URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15651", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47056" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47056", "reference_id": "CVE-2024-47056", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47056" }, { "reference_url": "https://github.com/advisories/GHSA-h2wg-v8wg-jhxh", "reference_id": "GHSA-h2wg-v8wg-jhxh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h2wg-v8wg-jhxh" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh", "reference_id": "GHSA-h2wg-v8wg-jhxh", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T23:45:38Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-h2wg-v8wg-jhxh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85234?format=api", "purl": "pkg:composer/mautic/core@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/85235?format=api", "purl": "pkg:composer/mautic/core@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.2" } ], "aliases": [ "CVE-2024-47056", "GHSA-h2wg-v8wg-jhxh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yv4-1yes-hkfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47478?format=api", "vulnerability_id": "VCID-8h2f-f8zx-wbfn", "summary": "Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder\nPrior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.\n\nThis vulnerability exists in the implementation of the GrapesJS builder in Mautic.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35642", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35547", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27916" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/546045ff9c74dd8b3dac36c4ab3674380262c65a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/546045ff9c74dd8b3dac36c4ab3674380262c65a" }, { "reference_url": "https://github.com/mautic/mautic/commit/95e8df3ae6730c725f1848d70e7992da369518f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/95e8df3ae6730c725f1848d70e7992da369518f3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27916", "reference_id": "CVE-2021-27916", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27916" }, { "reference_url": "https://github.com/advisories/GHSA-9fcx-cv56-w58p", "reference_id": "GHSA-9fcx-cv56-w58p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fcx-cv56-w58p" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p", "reference_id": "GHSA-9fcx-cv56-w58p", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:57:12Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69774?format=api", "purl": "pkg:composer/mautic/core@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-wny3-utyg-pqha" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4" } ], "aliases": [ "CVE-2021-27916", "GHSA-9fcx-cv56-w58p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8h2f-f8zx-wbfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56716?format=api", "vulnerability_id": "VCID-9upf-7u9p-hkaa", "summary": "Mautic allows Relative Path Traversal in assets file upload\nThis advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.\n\n* **Improper Limitation of a Pathname to a Restricted Directory:** A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34878", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34782", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25773" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/e6aaad99f399c5df1ce6273609920098e5c2564a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/e6aaad99f399c5df1ce6273609920098e5c2564a" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25773", "reference_id": "CVE-2022-25773", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25773" }, { "reference_url": "https://github.com/advisories/GHSA-4w2w-36vm-c8hf", "reference_id": "GHSA-4w2w-36vm-c8hf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4w2w-36vm-c8hf" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf", "reference_id": "GHSA-4w2w-36vm-c8hf", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:54:09Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84187?format=api", "purl": "pkg:composer/mautic/core@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3" } ], "aliases": [ "CVE-2022-25773", "GHSA-4w2w-36vm-c8hf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9upf-7u9p-hkaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47479?format=api", "vulnerability_id": "VCID-bdse-4ypf-abe3", "summary": "Mautic Sensitive Data Exposure due to inadequate user permission settings\nPrior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\n\nUsers could potentially access sensitive data such as names and surnames, company names and stage names.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18363", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00058", "scoring_system": "epss", "scoring_elements": "0.18286", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25776" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/22bdd0796ca6e1e985708b89ad5c07147630fecd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/22bdd0796ca6e1e985708b89ad5c07147630fecd" }, { "reference_url": "https://github.com/mautic/mautic/commit/2cc4af975fe01c264d439acc1451c936e7114644", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/2cc4af975fe01c264d439acc1451c936e7114644" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25776", "reference_id": "CVE-2022-25776", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25776" }, { "reference_url": "https://github.com/advisories/GHSA-qjx3-2g35-6hv8", "reference_id": "GHSA-qjx3-2g35-6hv8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjx3-2g35-6hv8" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8", "reference_id": "GHSA-qjx3-2g35-6hv8", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T15:58:56Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69774?format=api", "purl": "pkg:composer/mautic/core@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-wny3-utyg-pqha" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4" } ], "aliases": [ "CVE-2022-25776", "GHSA-qjx3-2g35-6hv8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bdse-4ypf-abe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56719?format=api", "vulnerability_id": "VCID-ckj2-3ujt-fbhz", "summary": "Mautic allows Improper Authorization in Reporting API\nThis advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.\n\n* **Improper Authorization:** An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API. This bypasses the intended access controls governed by the \"Reporting Permissions > View Own\" and \"Reporting Permissions > View Others\" permissions, which should restrict access to non-System Reports.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39631", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47053" }, { "reference_url": "https://cwe.mitre.org/data/definitions/287.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/" } ], "url": "https://cwe.mitre.org/data/definitions/287.html" }, { "reference_url": "https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/" } ], "url": "https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/9d7ee57c92502ef77cddb091011c5ffef14b11ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/9d7ee57c92502ef77cddb091011c5ffef14b11ee" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47053", "reference_id": "CVE-2024-47053", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47053" }, { "reference_url": "https://github.com/advisories/GHSA-8xv7-g2q3-fqgc", "reference_id": "GHSA-8xv7-g2q3-fqgc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8xv7-g2q3-fqgc" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc", "reference_id": "GHSA-8xv7-g2q3-fqgc", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/84187?format=api", "purl": "pkg:composer/mautic/core@5.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3" } ], "aliases": [ "CVE-2024-47053", "GHSA-8xv7-g2q3-fqgc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ckj2-3ujt-fbhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55863?format=api", "vulnerability_id": "VCID-e29q-5hg5-cfdq", "summary": "Mautic has an XSS in contact tracking and page hits report\nPrior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.6402", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0045", "scoring_system": "epss", "scoring_elements": "0.63978", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-27917" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98" }, { "reference_url": "https://github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27917", "reference_id": "CVE-2021-27917", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27917" }, { "reference_url": "https://github.com/advisories/GHSA-xpc5-rr39-v8v2", "reference_id": "GHSA-xpc5-rr39-v8v2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xpc5-rr39-v8v2" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2", "reference_id": "GHSA-xpc5-rr39-v8v2", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:40:34Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82703?format=api", "purl": "pkg:composer/mautic/core@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1" } ], "aliases": [ "CVE-2021-27917", "GHSA-xpc5-rr39-v8v2" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e29q-5hg5-cfdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58059?format=api", "vulnerability_id": "VCID-f8d8-kqpm-ekhc", "summary": "Mautic Vulnerable to User Enumeration via Response Timing\nThe attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2299", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9824" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/6bc4f5f1aabb13df12714ad0ea9fc281cbb867c6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/6bc4f5f1aabb13df12714ad0ea9fc281cbb867c6" }, { "reference_url": "https://github.com/mautic/mautic/commit/b4264c717ce31fbafafcefc04b02ecb9fb911e62", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/b4264c717ce31fbafafcefc04b02ecb9fb911e62" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9824", "reference_id": "CVE-2025-9824", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9824" }, { "reference_url": "https://github.com/advisories/GHSA-3ggv-qwcp-j6xg", "reference_id": "GHSA-3ggv-qwcp-j6xg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3ggv-qwcp-j6xg" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-3ggv-qwcp-j6xg", "reference_id": "GHSA-3ggv-qwcp-j6xg", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:45:46Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-3ggv-qwcp-j6xg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86356?format=api", "purl": "pkg:composer/mautic/core@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/86357?format=api", "purl": "pkg:composer/mautic/core@6.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.5" } ], "aliases": [ "CVE-2025-9824", "GHSA-3ggv-qwcp-j6xg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8d8-kqpm-ekhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58048?format=api", "vulnerability_id": "VCID-fa5a-r46u-nbfm", "summary": "Mautic vulnerable to SSRF via webhook function\nUsers with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9821", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15465", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9821" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/6084f6de4c88d1aeb5f6c73ea4fe1b09c98ea52b", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/6084f6de4c88d1aeb5f6c73ea4fe1b09c98ea52b" }, { "reference_url": "https://github.com/mautic/mautic/commit/dc5bb1466c9a48fd34768dc8ff5888716b2916ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/dc5bb1466c9a48fd34768dc8ff5888716b2916ba" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9821", "reference_id": "CVE-2025-9821", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9821" }, { "reference_url": "https://github.com/advisories/GHSA-hj6f-7hp7-xg69", "reference_id": "GHSA-hj6f-7hp7-xg69", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hj6f-7hp7-xg69" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69", "reference_id": "GHSA-hj6f-7hp7-xg69", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:07:29Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-hj6f-7hp7-xg69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86356?format=api", "purl": "pkg:composer/mautic/core@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/86357?format=api", "purl": "pkg:composer/mautic/core@6.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.5" } ], "aliases": [ "CVE-2025-9821", "GHSA-hj6f-7hp7-xg69" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fa5a-r46u-nbfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57361?format=api", "vulnerability_id": "VCID-g21m-aehf-wkfw", "summary": "Mautic allows user name enumeration due to response time difference on password reset form\nThis advisory addresses a security vulnerability in Mautic related to the \"Forget your password\" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.\n\nUser Enumeration via Timing Attack: A user enumeration vulnerability exists in the \"Forget your password\" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47683", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47057" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47057", "reference_id": "CVE-2024-47057", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47057" }, { "reference_url": "https://github.com/advisories/GHSA-424x-cxvh-wq9p", "reference_id": "GHSA-424x-cxvh-wq9p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-424x-cxvh-wq9p" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p", "reference_id": "GHSA-424x-cxvh-wq9p", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:58:43Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85234?format=api", "purl": "pkg:composer/mautic/core@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/85235?format=api", "purl": "pkg:composer/mautic/core@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.2" } ], "aliases": [ "CVE-2024-47057", "GHSA-424x-cxvh-wq9p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g21m-aehf-wkfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57357?format=api", "vulnerability_id": "VCID-hj6u-3g1s-97bm", "summary": "Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure\nThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information.\n\nUnauthorized Access to Unpublished Page Previews: The page preview functionality for unpublished content, accessible via predictable URLs (e.g., `/page/preview/1`, `/page/preview/2`), lacked proper authorization checks. This allowed any unauthenticated user to view content that was not yet intended for public release, and allowed search engines to index these private preview URLs, making the content publicly discoverable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5257", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0046", "scoring_system": "epss", "scoring_elements": "0.64472", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5257" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5257", "reference_id": "CVE-2025-5257", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5257" }, { "reference_url": "https://github.com/advisories/GHSA-cqx4-9vqf-q3m8", "reference_id": "GHSA-cqx4-9vqf-q3m8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cqx4-9vqf-q3m8" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8", "reference_id": "GHSA-cqx4-9vqf-q3m8", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T23:41:33Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-cqx4-9vqf-q3m8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85234?format=api", "purl": "pkg:composer/mautic/core@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/85235?format=api", "purl": "pkg:composer/mautic/core@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.2" } ], "aliases": [ "CVE-2025-5257", "GHSA-cqx4-9vqf-q3m8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hj6u-3g1s-97bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57352?format=api", "vulnerability_id": "VCID-jxs8-apn6-dbfd", "summary": "Mautic has an Open Redirect vulnerability on user unlock path.\nThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits.\n\nOpen Redirection via `returnUrl` Parameter: An Open Redirection vulnerability exists in the `/s/action/unlock/user.user/0` endpoint. The `returnUrl` parameter, intended for post-action redirection, is not properly validated. This allows an attacker to craft a URL that, when clicked by a user, redirects them to an arbitrary external website controlled by the attacker.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5256", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40322", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5256" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5256", "reference_id": "CVE-2025-5256", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5256" }, { "reference_url": "https://github.com/advisories/GHSA-6vx9-9r2g-8373", "reference_id": "GHSA-6vx9-9r2g-8373", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6vx9-9r2g-8373" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373", "reference_id": "GHSA-6vx9-9r2g-8373", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T17:57:26Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85234?format=api", "purl": "pkg:composer/mautic/core@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/85235?format=api", "purl": "pkg:composer/mautic/core@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.2" } ], "aliases": [ "CVE-2025-5256", "GHSA-6vx9-9r2g-8373" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jxs8-apn6-dbfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58049?format=api", "vulnerability_id": "VCID-qz5x-pz9p-93eu", "summary": "Mautic vulnerable to secret data extraction via elfinder\n_A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available._", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20393", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9822" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/882c2c5be646e36f7b91e7c4b24f71aafa617cd5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/882c2c5be646e36f7b91e7c4b24f71aafa617cd5" }, { "reference_url": "https://github.com/mautic/mautic/commit/a310b1933de7cfefec03382a4d8c0d9dbbaa0600", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/a310b1933de7cfefec03382a4d8c0d9dbbaa0600" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9822", "reference_id": "CVE-2025-9822", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9822" }, { "reference_url": "https://github.com/advisories/GHSA-438m-6mhw-hq5w", "reference_id": "GHSA-438m-6mhw-hq5w", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-438m-6mhw-hq5w" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w", "reference_id": "GHSA-438m-6mhw-hq5w", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:08:49Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-438m-6mhw-hq5w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86356?format=api", "purl": "pkg:composer/mautic/core@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/86357?format=api", "purl": "pkg:composer/mautic/core@6.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.5" } ], "aliases": [ "CVE-2025-9822", "GHSA-438m-6mhw-hq5w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qz5x-pz9p-93eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58050?format=api", "vulnerability_id": "VCID-s7r1-3b25-bbe6", "summary": "Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add\nA Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious actions such as session hijacking, credential theft, or unauthorized actions in the application.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9823", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25229", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9823" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9823", "reference_id": "CVE-2025-9823", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9823" }, { "reference_url": "https://github.com/advisories/GHSA-9v8p-m85m-f7mm", "reference_id": "GHSA-9v8p-m85m-f7mm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9v8p-m85m-f7mm" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-9v8p-m85m-f7mm", "reference_id": "GHSA-9v8p-m85m-f7mm", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-03T17:32:56Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-9v8p-m85m-f7mm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86356?format=api", "purl": "pkg:composer/mautic/core@5.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/86357?format=api", "purl": "pkg:composer/mautic/core@6.0.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.5" } ], "aliases": [ "CVE-2025-9823", "GHSA-9v8p-m85m-f7mm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7r1-3b25-bbe6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50398?format=api", "vulnerability_id": "VCID-swy6-81uq-4kcs", "summary": "Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting\nThis advisory addresses a SQL Injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15977", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3105" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/5.2.10", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/5.2.10" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/6.0.8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/6.0.8" }, { "reference_url": "https://github.com/mautic/mautic/releases/tag/7.0.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/releases/tag/7.0.1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3105", "reference_id": "CVE-2026-3105", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3105" }, { "reference_url": "https://github.com/advisories/GHSA-r5j5-q42h-fc93", "reference_id": "GHSA-r5j5-q42h-fc93", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r5j5-q42h-fc93" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93", "reference_id": "GHSA-r5j5-q42h-fc93", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:02:03Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74286?format=api", "purl": "pkg:composer/mautic/core@5.2.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/74287?format=api", "purl": "pkg:composer/mautic/core@6.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/74288?format=api", "purl": "pkg:composer/mautic/core@7.0.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@7.0.1" } ], "aliases": [ "CVE-2026-3105", "GHSA-r5j5-q42h-fc93" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swy6-81uq-4kcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47477?format=api", "vulnerability_id": "VCID-whnz-qj59-vkgz", "summary": "Mautic SQL Injection in dynamic Reports\nPrior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle.\n\nThe user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25775", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21415", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21334", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-25775" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/cab65e0acc4f23c4f07c117dee1b69dac5abed3f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/cab65e0acc4f23c4f07c117dee1b69dac5abed3f" }, { "reference_url": "https://github.com/mautic/mautic/commit/e75b1eea16309588f069169b5882cf53f854dbd8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/e75b1eea16309588f069169b5882cf53f854dbd8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25775", "reference_id": "CVE-2022-25775", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25775" }, { "reference_url": "https://github.com/advisories/GHSA-jj6w-2cqg-7p94", "reference_id": "GHSA-jj6w-2cqg-7p94", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jj6w-2cqg-7p94" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94", "reference_id": "GHSA-jj6w-2cqg-7p94", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T17:46:22Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-jj6w-2cqg-7p94" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69774?format=api", "purl": "pkg:composer/mautic/core@5.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19zs-w8hs-abdm" }, { "vulnerability": "VCID-1x5b-am33-mkh4" }, { "vulnerability": "VCID-2e51-qg2k-vqhd" }, { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-e29q-5hg5-cfdq" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-sd7d-573z-n7dk" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-wny3-utyg-pqha" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4" } ], "aliases": [ "CVE-2022-25775", "GHSA-jj6w-2cqg-7p94" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-whnz-qj59-vkgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55864?format=api", "vulnerability_id": "VCID-wny3-utyg-pqha", "summary": "Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)\nWith access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00186", "scoring_system": "epss", "scoring_elements": "0.40273", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47058" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://github.com/mautic/mautic/commit/344b908ef690283e7d8d3fc5cc1327396a1c3046", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/344b908ef690283e7d8d3fc5cc1327396a1c3046" }, { "reference_url": "https://github.com/mautic/mautic/commit/88153a15b3cea331b7036d956b880c69e81a0032", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic/commit/88153a15b3cea331b7036d956b880c69e81a0032" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47058", "reference_id": "CVE-2024-47058", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47058" }, { "reference_url": "https://github.com/advisories/GHSA-xv68-rrmw-9xwf", "reference_id": "GHSA-xv68-rrmw-9xwf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xv68-rrmw-9xwf" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf", "reference_id": "GHSA-xv68-rrmw-9xwf", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:03Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82703?format=api", "purl": "pkg:composer/mautic/core@5.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3q5j-jj2b-t7de" }, { "vulnerability": "VCID-6yv4-1yes-hkfs" }, { "vulnerability": "VCID-9upf-7u9p-hkaa" }, { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-ckj2-3ujt-fbhz" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-g21m-aehf-wkfw" }, { "vulnerability": "VCID-hj6u-3g1s-97bm" }, { "vulnerability": "VCID-jxs8-apn6-dbfd" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" }, { "vulnerability": "VCID-xsmg-dqq4-kqgf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1" } ], "aliases": [ "CVE-2024-47058", "GHSA-xv68-rrmw-9xwf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wny3-utyg-pqha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57362?format=api", "vulnerability_id": "VCID-xsmg-dqq4-kqgf", "summary": "Mautic segment cloning doesn't have a proper permission check\nThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.\n\nInsecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the `cloneAction` of the segment management. This allows an authenticated user to bypass intended permission restrictions and clone segments even if they lack the necessary permissions to create new ones.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44576", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47055" }, { "reference_url": "https://github.com/mautic/mautic", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mautic/mautic" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47055", "reference_id": "CVE-2024-47055", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47055" }, { "reference_url": "https://github.com/advisories/GHSA-vph5-ghq3-q782", "reference_id": "GHSA-vph5-ghq3-q782", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vph5-ghq3-q782" }, { "reference_url": "https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782", "reference_id": "GHSA-vph5-ghq3-q782", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T19:02:39Z/" } ], "url": "https://github.com/mautic/mautic/security/advisories/GHSA-vph5-ghq3-q782" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/85234?format=api", "purl": "pkg:composer/mautic/core@5.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/85235?format=api", "purl": "pkg:composer/mautic/core@6.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-a3qv-sg57-gfd4" }, { "vulnerability": "VCID-f8d8-kqpm-ekhc" }, { "vulnerability": "VCID-fa5a-r46u-nbfm" }, { "vulnerability": "VCID-qz5x-pz9p-93eu" }, { "vulnerability": "VCID-s7r1-3b25-bbe6" }, { "vulnerability": "VCID-swy6-81uq-4kcs" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.2" } ], "aliases": [ "CVE-2024-47055", "GHSA-vph5-ghq3-q782" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsmg-dqq4-kqgf" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.0-beta2" }