Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/mautic/core@2.10.0
Typecomposer
Namespacemautic
Namecore
Version2.10.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.3.4
Latest_non_vulnerable_version7.0.1
Affected_by_vulnerabilities
0
url VCID-1hew-3rb7-tkg8
vulnerability_id VCID-1hew-3rb7-tkg8
summary 
Cross-site Scripting
There is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter `bundle` in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27909
reference_id
reference_type
scores
0
value 0.18658
scoring_system epss
scoring_elements 0.95403
published_at 2026-06-05T12:55:00Z
1
value 0.18658
scoring_system epss
scoring_elements 0.95395
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27909
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27909.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27909.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/commit/942cb6992df619fdf1c181bfad9e25d5d4178b6f
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/942cb6992df619fdf1c181bfad9e25d5d4178b6f
4
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27909
reference_id CVE-2021-27909
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27909
fixed_packages
0
url pkg:composer/mautic/core@3.3.4
purl pkg:composer/mautic/core@3.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4
1
url pkg:composer/mautic/core@4.0.0
purl pkg:composer/mautic/core@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9t6r-g255-zbdq
1
vulnerability VCID-a3qv-sg57-gfd4
2
vulnerability VCID-hj6u-3g1s-97bm
3
vulnerability VCID-mbfx-4u6j-ybfp
4
vulnerability VCID-qhxy-1kmh-wyh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0
aliases CVE-2021-27909, GHSA-32hw-3pvh-vcvc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1hew-3rb7-tkg8
1
url VCID-1unf-fcpb-t7gr
vulnerability_id VCID-1unf-fcpb-t7gr
summary 
Cross-site Scripting
Mautic is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35129
reference_id
reference_type
scores
0
value 0.00617
scoring_system epss
scoring_elements 0.70358
published_at 2026-06-05T12:55:00Z
1
value 0.00617
scoring_system epss
scoring_elements 0.70316
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35129
1
reference_url https://forum.mautic.org/c/announcements/16
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.mautic.org/c/announcements/16
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://labs.bishopfox.com/advisories/mautic-version-3.2.2
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://labs.bishopfox.com/advisories/mautic-version-3.2.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35129
reference_id CVE-2020-35129
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35129
5
reference_url https://github.com/advisories/GHSA-3px5-wjh3-9x6r
reference_id GHSA-3px5-wjh3-9x6r
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3px5-wjh3-9x6r
fixed_packages
0
url pkg:composer/mautic/core@3.2.4
purl pkg:composer/mautic/core@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-9t6r-g255-zbdq
2
vulnerability VCID-ghuh-z1uh-mbf5
3
vulnerability VCID-gnga-y8vw-1kgm
4
vulnerability VCID-mbfx-4u6j-ybfp
5
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4
aliases CVE-2020-35129, GHSA-3px5-wjh3-9x6r
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1unf-fcpb-t7gr
2
url VCID-2bf9-tpw5-6ybc
vulnerability_id VCID-2bf9-tpw5-6ybc
summary 
Injection Vulnerability
Mautic allows CSV injection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8092
reference_id
reference_type
scores
0
value 0.00486
scoring_system epss
scoring_elements 0.65796
published_at 2026-06-05T12:55:00Z
1
value 0.00486
scoring_system epss
scoring_elements 0.65743
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8092
1
reference_url https://github.com/mautic/mautic/commit/cbc49f0ac4cc7e3acc07f2a85c079b2f85225a6b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/cbc49f0ac4cc7e3acc07f2a85c079b2f85225a6b
2
reference_url https://github.com/mautic/mautic/releases/tag/2.13.0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.13.0
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-29v9-2fpx-j5g9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-29v9-2fpx-j5g9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8092
reference_id CVE-2018-8092
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8092
fixed_packages
0
url pkg:composer/mautic/core@2.13.0
purl pkg:composer/mautic/core@2.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-9t6r-g255-zbdq
3
vulnerability VCID-9tjy-3czw-37as
4
vulnerability VCID-dh9y-k8zb-zkew
5
vulnerability VCID-ghuh-z1uh-mbf5
6
vulnerability VCID-gnga-y8vw-1kgm
7
vulnerability VCID-j624-5zx3-c7c8
8
vulnerability VCID-mbfx-4u6j-ybfp
9
vulnerability VCID-p9jy-6mbb-ukad
10
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0
aliases CVE-2018-8092, GHSA-29v9-2fpx-j5g9
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bf9-tpw5-6ybc
3
url VCID-4kqw-y2ds-eue2
vulnerability_id VCID-4kqw-y2ds-eue2
summary 
Cross-site Scripting
Mautic contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000506
reference_id
reference_type
scores
0
value 0.00398
scoring_system epss
scoring_elements 0.60946
published_at 2026-06-05T12:55:00Z
1
value 0.00398
scoring_system epss
scoring_elements 0.60898
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000506
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/issues/5222
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/issues/5222
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000506
reference_id CVE-2017-1000506
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000506
fixed_packages
0
url pkg:composer/mautic/core@2.12.0-beta
purl pkg:composer/mautic/core@2.12.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-2bf9-tpw5-6ybc
3
vulnerability VCID-7nmh-nhm6-abhr
4
vulnerability VCID-9t6r-g255-zbdq
5
vulnerability VCID-9tjy-3czw-37as
6
vulnerability VCID-dh9y-k8zb-zkew
7
vulnerability VCID-ghuh-z1uh-mbf5
8
vulnerability VCID-gnga-y8vw-1kgm
9
vulnerability VCID-hwrr-6qe1-77gn
10
vulnerability VCID-j624-5zx3-c7c8
11
vulnerability VCID-mbfx-4u6j-ybfp
12
vulnerability VCID-p9jy-6mbb-ukad
13
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta
1
url pkg:composer/mautic/core@2.12.0
purl pkg:composer/mautic/core@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-2bf9-tpw5-6ybc
3
vulnerability VCID-7nmh-nhm6-abhr
4
vulnerability VCID-9t6r-g255-zbdq
5
vulnerability VCID-9tjy-3czw-37as
6
vulnerability VCID-dh9y-k8zb-zkew
7
vulnerability VCID-ghuh-z1uh-mbf5
8
vulnerability VCID-gnga-y8vw-1kgm
9
vulnerability VCID-hwrr-6qe1-77gn
10
vulnerability VCID-j624-5zx3-c7c8
11
vulnerability VCID-mbfx-4u6j-ybfp
12
vulnerability VCID-p9jy-6mbb-ukad
13
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0
2
url pkg:composer/mautic/core@2.14.2
purl pkg:composer/mautic/core@2.14.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-9t6r-g255-zbdq
3
vulnerability VCID-9tjy-3czw-37as
4
vulnerability VCID-dh9y-k8zb-zkew
5
vulnerability VCID-ghuh-z1uh-mbf5
6
vulnerability VCID-gnga-y8vw-1kgm
7
vulnerability VCID-j624-5zx3-c7c8
8
vulnerability VCID-mbfx-4u6j-ybfp
9
vulnerability VCID-p9jy-6mbb-ukad
10
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.14.2
aliases CVE-2017-1000506, GHSA-358v-cqjc-2pcq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kqw-y2ds-eue2
4
url VCID-4yn2-rg69-hqcs
vulnerability_id VCID-4yn2-rg69-hqcs
summary 
Path Traversal
Any authorized Mautic user could use the Filemanager to download any file from the server that the web user has access to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000490
reference_id
reference_type
scores
0
value 0.00344
scoring_system epss
scoring_elements 0.57213
published_at 2026-06-04T12:55:00Z
1
value 0.00344
scoring_system epss
scoring_elements 0.57265
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000490
1
reference_url https://github.com/mautic/mautic/commit/3b01786433ae15e9a23f1eb9b0d3dfdb065b6241
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/3b01786433ae15e9a23f1eb9b0d3dfdb065b6241
2
reference_url https://github.com/mautic/mautic/releases/tag/2.12.0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.12.0
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-qpgw-2c72-4c89
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-qpgw-2c72-4c89
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000490
reference_id CVE-2017-1000490
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000490
fixed_packages
0
url pkg:composer/mautic/core@2.12.0-beta
purl pkg:composer/mautic/core@2.12.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-2bf9-tpw5-6ybc
3
vulnerability VCID-7nmh-nhm6-abhr
4
vulnerability VCID-9t6r-g255-zbdq
5
vulnerability VCID-9tjy-3czw-37as
6
vulnerability VCID-dh9y-k8zb-zkew
7
vulnerability VCID-ghuh-z1uh-mbf5
8
vulnerability VCID-gnga-y8vw-1kgm
9
vulnerability VCID-hwrr-6qe1-77gn
10
vulnerability VCID-j624-5zx3-c7c8
11
vulnerability VCID-mbfx-4u6j-ybfp
12
vulnerability VCID-p9jy-6mbb-ukad
13
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta
1
url pkg:composer/mautic/core@2.12.0
purl pkg:composer/mautic/core@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-2bf9-tpw5-6ybc
3
vulnerability VCID-7nmh-nhm6-abhr
4
vulnerability VCID-9t6r-g255-zbdq
5
vulnerability VCID-9tjy-3czw-37as
6
vulnerability VCID-dh9y-k8zb-zkew
7
vulnerability VCID-ghuh-z1uh-mbf5
8
vulnerability VCID-gnga-y8vw-1kgm
9
vulnerability VCID-hwrr-6qe1-77gn
10
vulnerability VCID-j624-5zx3-c7c8
11
vulnerability VCID-mbfx-4u6j-ybfp
12
vulnerability VCID-p9jy-6mbb-ukad
13
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0
aliases CVE-2017-1000490, GHSA-qpgw-2c72-4c89
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4yn2-rg69-hqcs
5
url VCID-7nmh-nhm6-abhr
vulnerability_id VCID-7nmh-nhm6-abhr
summary 
Information Exposure
An issue was discovered in Mautic It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10189
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53602
published_at 2026-06-04T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53661
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10189
1
reference_url https://github.com/mautic/mautic/releases/tag/2.13.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.13.0
2
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-vfxj-qg93-7wwc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-vfxj-qg93-7wwc
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10189
reference_id CVE-2018-10189
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-10189
fixed_packages
0
url pkg:composer/mautic/core@2.13.0
purl pkg:composer/mautic/core@2.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-9t6r-g255-zbdq
3
vulnerability VCID-9tjy-3czw-37as
4
vulnerability VCID-dh9y-k8zb-zkew
5
vulnerability VCID-ghuh-z1uh-mbf5
6
vulnerability VCID-gnga-y8vw-1kgm
7
vulnerability VCID-j624-5zx3-c7c8
8
vulnerability VCID-mbfx-4u6j-ybfp
9
vulnerability VCID-p9jy-6mbb-ukad
10
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0
aliases CVE-2018-10189, GHSA-vfxj-qg93-7wwc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nmh-nhm6-abhr
6
url VCID-8uef-cxb8-sfcu
vulnerability_id VCID-8uef-cxb8-sfcu
summary 
Cross-site Scripting
Mautic is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000488
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47497
published_at 2026-06-05T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47432
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000488
1
reference_url https://github.com/mautic/mautic/commit/bda60c0eefbd19c759589e975e63ab1d201c1b8e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/bda60c0eefbd19c759589e975e63ab1d201c1b8e
2
reference_url https://github.com/mautic/mautic/releases/tag/2.12.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.12.0
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-qjhr-c23f-w76q
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-qjhr-c23f-w76q
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000488
reference_id CVE-2017-1000488
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000488
fixed_packages
0
url pkg:composer/mautic/core@2.12.0-beta
purl pkg:composer/mautic/core@2.12.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-2bf9-tpw5-6ybc
3
vulnerability VCID-7nmh-nhm6-abhr
4
vulnerability VCID-9t6r-g255-zbdq
5
vulnerability VCID-9tjy-3czw-37as
6
vulnerability VCID-dh9y-k8zb-zkew
7
vulnerability VCID-ghuh-z1uh-mbf5
8
vulnerability VCID-gnga-y8vw-1kgm
9
vulnerability VCID-hwrr-6qe1-77gn
10
vulnerability VCID-j624-5zx3-c7c8
11
vulnerability VCID-mbfx-4u6j-ybfp
12
vulnerability VCID-p9jy-6mbb-ukad
13
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta
1
url pkg:composer/mautic/core@2.12.0
purl pkg:composer/mautic/core@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-2bf9-tpw5-6ybc
3
vulnerability VCID-7nmh-nhm6-abhr
4
vulnerability VCID-9t6r-g255-zbdq
5
vulnerability VCID-9tjy-3czw-37as
6
vulnerability VCID-dh9y-k8zb-zkew
7
vulnerability VCID-ghuh-z1uh-mbf5
8
vulnerability VCID-gnga-y8vw-1kgm
9
vulnerability VCID-hwrr-6qe1-77gn
10
vulnerability VCID-j624-5zx3-c7c8
11
vulnerability VCID-mbfx-4u6j-ybfp
12
vulnerability VCID-p9jy-6mbb-ukad
13
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0
aliases CVE-2017-1000488, GHSA-qjhr-c23f-w76q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8uef-cxb8-sfcu
7
url VCID-9t6r-g255-zbdq
vulnerability_id VCID-9t6r-g255-zbdq
summary 
Cross-site Scripting
Mautic is vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27912
reference_id
reference_type
scores
0
value 0.0069
scoring_system epss
scoring_elements 0.72176
published_at 2026-06-04T12:55:00Z
1
value 0.0069
scoring_system epss
scoring_elements 0.72217
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27912
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27912.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27912.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27912
reference_id CVE-2021-27912
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27912
fixed_packages
0
url pkg:composer/mautic/core@3.3.4
purl pkg:composer/mautic/core@3.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4
1
url pkg:composer/mautic/core@4.0.0-alpha1
purl pkg:composer/mautic/core@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-gnga-y8vw-1kgm
2
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0-alpha1
2
url pkg:composer/mautic/core@4.0.0
purl pkg:composer/mautic/core@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9t6r-g255-zbdq
1
vulnerability VCID-a3qv-sg57-gfd4
2
vulnerability VCID-hj6u-3g1s-97bm
3
vulnerability VCID-mbfx-4u6j-ybfp
4
vulnerability VCID-qhxy-1kmh-wyh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0
aliases CVE-2021-27912, GHSA-rh5w-82wh-jhr8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9t6r-g255-zbdq
8
url VCID-9tjy-3czw-37as
vulnerability_id VCID-9tjy-3czw-37as
summary 
Cross-site Scripting
A cross-site scripting (XSS) vulnerability in the assets component of Mautic allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35124
reference_id
reference_type
scores
0
value 0.01142
scoring_system epss
scoring_elements 0.7877
published_at 2026-06-04T12:55:00Z
1
value 0.01142
scoring_system epss
scoring_elements 0.78796
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35124
1
reference_url https://forum.mautic.org/c/announcements/16
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.mautic.org/c/announcements/16
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35124.yaml
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35124.yaml
3
reference_url https://github.com/mautic/mautic/commit/20c5dc39b62164f6922ce53ea42cbb4ccec64e57
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/20c5dc39b62164f6922ce53ea42cbb4ccec64e57
4
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m
5
reference_url https://packagist.org/packages/mautic/core
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/mautic/core
6
reference_url https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce
7
reference_url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35124
reference_id CVE-2020-35124
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35124
fixed_packages
0
url pkg:composer/mautic/core@2.16.5
purl pkg:composer/mautic/core@2.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-9t6r-g255-zbdq
3
vulnerability VCID-9tjy-3czw-37as
4
vulnerability VCID-ghuh-z1uh-mbf5
5
vulnerability VCID-gnga-y8vw-1kgm
6
vulnerability VCID-mbfx-4u6j-ybfp
7
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5
1
url pkg:composer/mautic/core@3.2.4
purl pkg:composer/mautic/core@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-9t6r-g255-zbdq
2
vulnerability VCID-ghuh-z1uh-mbf5
3
vulnerability VCID-gnga-y8vw-1kgm
4
vulnerability VCID-mbfx-4u6j-ybfp
5
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4
aliases CVE-2020-35124, GHSA-39wj-j3jc-858m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9tjy-3czw-37as
9
url VCID-dh9y-k8zb-zkew
vulnerability_id VCID-dh9y-k8zb-zkew
summary 
Cross-site Scripting
A cross-site scripting (XSS) vulnerability in the forms component of Mautic allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35125
reference_id
reference_type
scores
0
value 0.01246
scoring_system epss
scoring_elements 0.79631
published_at 2026-06-04T12:55:00Z
1
value 0.01246
scoring_system epss
scoring_elements 0.79658
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35125
1
reference_url https://forum.mautic.org/c/announcements/16
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.mautic.org/c/announcements/16
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35125.yaml
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35125.yaml
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m
4
reference_url https://packagist.org/packages/mautic/core
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/mautic/core
5
reference_url https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce
6
reference_url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35125
reference_id CVE-2020-35125
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35125
8
reference_url https://github.com/advisories/GHSA-42q7-95j7-w62m
reference_id GHSA-42q7-95j7-w62m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-42q7-95j7-w62m
fixed_packages
0
url pkg:composer/mautic/core@2.16.5
purl pkg:composer/mautic/core@2.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-9t6r-g255-zbdq
3
vulnerability VCID-9tjy-3czw-37as
4
vulnerability VCID-ghuh-z1uh-mbf5
5
vulnerability VCID-gnga-y8vw-1kgm
6
vulnerability VCID-mbfx-4u6j-ybfp
7
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5
1
url pkg:composer/mautic/core@3.2.4
purl pkg:composer/mautic/core@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-9t6r-g255-zbdq
2
vulnerability VCID-ghuh-z1uh-mbf5
3
vulnerability VCID-gnga-y8vw-1kgm
4
vulnerability VCID-mbfx-4u6j-ybfp
5
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4
aliases CVE-2020-35125, GHSA-42q7-95j7-w62m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dh9y-k8zb-zkew
10
url VCID-ghuh-z1uh-mbf5
vulnerability_id VCID-ghuh-z1uh-mbf5
summary 
Incorrect Permission Assignment for Critical Resource
Secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27908
reference_id
reference_type
scores
0
value 0.00109
scoring_system epss
scoring_elements 0.28726
published_at 2026-06-04T12:55:00Z
1
value 0.00109
scoring_system epss
scoring_elements 0.28799
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27908
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27908.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27908.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27908
reference_id CVE-2021-27908
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27908
fixed_packages
0
url pkg:composer/mautic/core@3.3.2
purl pkg:composer/mautic/core@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-9t6r-g255-zbdq
2
vulnerability VCID-gnga-y8vw-1kgm
3
vulnerability VCID-mbfx-4u6j-ybfp
4
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.2
aliases CVE-2021-27908, GHSA-4hjq-422q-4vpx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghuh-z1uh-mbf5
11
url VCID-gnga-y8vw-1kgm
vulnerability_id VCID-gnga-y8vw-1kgm
summary 
Cross-site Scripting
Mautic is vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27911
reference_id
reference_type
scores
0
value 0.00352
scoring_system epss
scoring_elements 0.57888
published_at 2026-06-04T12:55:00Z
1
value 0.00352
scoring_system epss
scoring_elements 0.57941
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27911
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27911.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27911.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27911
reference_id CVE-2021-27911
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27911
fixed_packages
0
url pkg:composer/mautic/core@3.3.4
purl pkg:composer/mautic/core@3.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4
1
url pkg:composer/mautic/core@4.0.0
purl pkg:composer/mautic/core@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9t6r-g255-zbdq
1
vulnerability VCID-a3qv-sg57-gfd4
2
vulnerability VCID-hj6u-3g1s-97bm
3
vulnerability VCID-mbfx-4u6j-ybfp
4
vulnerability VCID-qhxy-1kmh-wyh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0
aliases CVE-2021-27911, GHSA-72hm-fx78-xwhc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnga-y8vw-1kgm
12
url VCID-hwrr-6qe1-77gn
vulnerability_id VCID-hwrr-6qe1-77gn
summary 
Cross-site Scripting
Mautic before v2.13.0 has stored XSS via a theme config file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-8071
reference_id
reference_type
scores
0
value 0.0024
scoring_system epss
scoring_elements 0.47432
published_at 2026-06-04T12:55:00Z
1
value 0.0024
scoring_system epss
scoring_elements 0.47497
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-8071
1
reference_url https://github.com/mautic/mautic/commit/3add236e9cc00ea9b211b52cccc4660379b2ee8b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/3add236e9cc00ea9b211b52cccc4660379b2ee8b
2
reference_url https://github.com/mautic/mautic/releases/tag/2.13.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.13.0
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-5w74-jx7m-x6hv
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-5w74-jx7m-x6hv
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-8071
reference_id CVE-2018-8071
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-8071
fixed_packages
0
url pkg:composer/mautic/core@2.13.0
purl pkg:composer/mautic/core@2.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-9t6r-g255-zbdq
3
vulnerability VCID-9tjy-3czw-37as
4
vulnerability VCID-dh9y-k8zb-zkew
5
vulnerability VCID-ghuh-z1uh-mbf5
6
vulnerability VCID-gnga-y8vw-1kgm
7
vulnerability VCID-j624-5zx3-c7c8
8
vulnerability VCID-mbfx-4u6j-ybfp
9
vulnerability VCID-p9jy-6mbb-ukad
10
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0
aliases CVE-2018-8071, GHSA-5w74-jx7m-x6hv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwrr-6qe1-77gn
13
url VCID-j624-5zx3-c7c8
vulnerability_id VCID-j624-5zx3-c7c8
summary 
XSS in Mautic
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-3142.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-3142.yaml
1
reference_url https://github.com/mautic/mautic/commit/ba31db23e664f889da55a29ff27f797e2ab5cb1b
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/ba31db23e664f889da55a29ff27f797e2ab5cb1b
2
reference_url https://github.com/mautic/mautic/releases/tag/3.2.4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/3.2.4
3
reference_url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-3
4
reference_url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3142
reference_id CVE-2021-3142
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3142
6
reference_url https://github.com/advisories/GHSA-p7v4-gm6j-cw9m
reference_id GHSA-p7v4-gm6j-cw9m
reference_type
scores
url https://github.com/advisories/GHSA-p7v4-gm6j-cw9m
7
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-p7v4-gm6j-cw9m
reference_id GHSA-p7v4-gm6j-cw9m
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-p7v4-gm6j-cw9m
fixed_packages
0
url pkg:composer/mautic/core@2.16.5
purl pkg:composer/mautic/core@2.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-9t6r-g255-zbdq
3
vulnerability VCID-9tjy-3czw-37as
4
vulnerability VCID-ghuh-z1uh-mbf5
5
vulnerability VCID-gnga-y8vw-1kgm
6
vulnerability VCID-mbfx-4u6j-ybfp
7
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5
1
url pkg:composer/mautic/core@3.2.4
purl pkg:composer/mautic/core@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-9t6r-g255-zbdq
2
vulnerability VCID-ghuh-z1uh-mbf5
3
vulnerability VCID-gnga-y8vw-1kgm
4
vulnerability VCID-mbfx-4u6j-ybfp
5
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4
aliases CVE-2021-3142, GHSA-p7v4-gm6j-cw9m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j624-5zx3-c7c8
14
url VCID-k2tn-w8n6-8ba1
vulnerability_id VCID-k2tn-w8n6-8ba1
summary 
Improper Authentication
Mautic allows a disabled user to still login using email address.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-1000489
reference_id
reference_type
scores
0
value 0.00271
scoring_system epss
scoring_elements 0.50821
published_at 2026-06-05T12:55:00Z
1
value 0.00271
scoring_system epss
scoring_elements 0.5076
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-1000489
1
reference_url https://github.com/mautic/mautic/commit/fd933cbef795b04cabdc50527cb18e037488fef9
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/fd933cbef795b04cabdc50527cb18e037488fef9
2
reference_url https://github.com/mautic/mautic/releases/tag/2.12.0
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/2.12.0
3
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-6x98-fx9j-7c78
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-6x98-fx9j-7c78
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-1000489
reference_id CVE-2017-1000489
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-1000489
fixed_packages
0
url pkg:composer/mautic/core@2.12.0-beta
purl pkg:composer/mautic/core@2.12.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-2bf9-tpw5-6ybc
3
vulnerability VCID-7nmh-nhm6-abhr
4
vulnerability VCID-9t6r-g255-zbdq
5
vulnerability VCID-9tjy-3czw-37as
6
vulnerability VCID-dh9y-k8zb-zkew
7
vulnerability VCID-ghuh-z1uh-mbf5
8
vulnerability VCID-gnga-y8vw-1kgm
9
vulnerability VCID-hwrr-6qe1-77gn
10
vulnerability VCID-j624-5zx3-c7c8
11
vulnerability VCID-mbfx-4u6j-ybfp
12
vulnerability VCID-p9jy-6mbb-ukad
13
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0-beta
1
url pkg:composer/mautic/core@2.12.0
purl pkg:composer/mautic/core@2.12.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-2bf9-tpw5-6ybc
3
vulnerability VCID-7nmh-nhm6-abhr
4
vulnerability VCID-9t6r-g255-zbdq
5
vulnerability VCID-9tjy-3czw-37as
6
vulnerability VCID-dh9y-k8zb-zkew
7
vulnerability VCID-ghuh-z1uh-mbf5
8
vulnerability VCID-gnga-y8vw-1kgm
9
vulnerability VCID-hwrr-6qe1-77gn
10
vulnerability VCID-j624-5zx3-c7c8
11
vulnerability VCID-mbfx-4u6j-ybfp
12
vulnerability VCID-p9jy-6mbb-ukad
13
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.0
aliases CVE-2017-1000489, GHSA-6x98-fx9j-7c78
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k2tn-w8n6-8ba1
15
url VCID-mbfx-4u6j-ybfp
vulnerability_id VCID-mbfx-4u6j-ybfp
summary 
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic ;
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27913
reference_id
reference_type
scores
0
value 0.00089
scoring_system epss
scoring_elements 0.25345
published_at 2026-06-05T12:55:00Z
1
value 0.00089
scoring_system epss
scoring_elements 0.25249
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27913
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27913.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27913.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/commit/d1cad766a2de74e6c6b89d6d78c2a5f2e36ba91c
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/d1cad766a2de74e6c6b89d6d78c2a5f2e36ba91c
4
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27913
reference_id CVE-2021-27913
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27913
fixed_packages
0
url pkg:composer/mautic/core@3.3.4
purl pkg:composer/mautic/core@3.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4
1
url pkg:composer/mautic/core@4.0.0-alpha1
purl pkg:composer/mautic/core@4.0.0-alpha1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-gnga-y8vw-1kgm
2
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0-alpha1
2
url pkg:composer/mautic/core@4.0.0
purl pkg:composer/mautic/core@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9t6r-g255-zbdq
1
vulnerability VCID-a3qv-sg57-gfd4
2
vulnerability VCID-hj6u-3g1s-97bm
3
vulnerability VCID-mbfx-4u6j-ybfp
4
vulnerability VCID-qhxy-1kmh-wyh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0
aliases CVE-2021-27913, GHSA-x7g2-wrrp-r6h3
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbfx-4u6j-ybfp
16
url VCID-p9jy-6mbb-ukad
vulnerability_id VCID-p9jy-6mbb-ukad
summary 
Cross-site Scripting
Mautic is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-35128
reference_id
reference_type
scores
0
value 0.00651
scoring_system epss
scoring_elements 0.71253
published_at 2026-06-04T12:55:00Z
1
value 0.00651
scoring_system epss
scoring_elements 0.71297
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-35128
1
reference_url https://forum.mautic.org/c/announcements/16
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.mautic.org/c/announcements/16
2
reference_url https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786
3
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
4
reference_url https://labs.bishopfox.com/advisories/mautic-version-3.2.2
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://labs.bishopfox.com/advisories/mautic-version-3.2.2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-35128
reference_id CVE-2020-35128
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-35128
6
reference_url https://github.com/advisories/GHSA-98j2-3jv7-274m
reference_id GHSA-98j2-3jv7-274m
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98j2-3jv7-274m
fixed_packages
0
url pkg:composer/mautic/core@2.16.5
purl pkg:composer/mautic/core@2.16.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-1unf-fcpb-t7gr
2
vulnerability VCID-9t6r-g255-zbdq
3
vulnerability VCID-9tjy-3czw-37as
4
vulnerability VCID-ghuh-z1uh-mbf5
5
vulnerability VCID-gnga-y8vw-1kgm
6
vulnerability VCID-mbfx-4u6j-ybfp
7
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5
1
url pkg:composer/mautic/core@3.2.4
purl pkg:composer/mautic/core@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1hew-3rb7-tkg8
1
vulnerability VCID-9t6r-g255-zbdq
2
vulnerability VCID-ghuh-z1uh-mbf5
3
vulnerability VCID-gnga-y8vw-1kgm
4
vulnerability VCID-mbfx-4u6j-ybfp
5
vulnerability VCID-trhp-bjp1-57ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4
aliases CVE-2020-35128, GHSA-98j2-3jv7-274m
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p9jy-6mbb-ukad
17
url VCID-swy6-81uq-4kcs
vulnerability_id VCID-swy6-81uq-4kcs
summary 
Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting
This advisory addresses a SQL Injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3105
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15977
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3105
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/releases/tag/5.2.10
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/5.2.10
3
reference_url https://github.com/mautic/mautic/releases/tag/6.0.8
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/6.0.8
4
reference_url https://github.com/mautic/mautic/releases/tag/7.0.1
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/releases/tag/7.0.1
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3105
reference_id CVE-2026-3105
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3105
6
reference_url https://github.com/advisories/GHSA-r5j5-q42h-fc93
reference_id GHSA-r5j5-q42h-fc93
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r5j5-q42h-fc93
7
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93
reference_id GHSA-r5j5-q42h-fc93
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:02:03Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93
fixed_packages
0
url pkg:composer/mautic/core@5.2.10
purl pkg:composer/mautic/core@5.2.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.10
1
url pkg:composer/mautic/core@6.0.8
purl pkg:composer/mautic/core@6.0.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.8
2
url pkg:composer/mautic/core@7.0.1
purl pkg:composer/mautic/core@7.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@7.0.1
aliases CVE-2026-3105, GHSA-r5j5-q42h-fc93
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swy6-81uq-4kcs
18
url VCID-trhp-bjp1-57ey
vulnerability_id VCID-trhp-bjp1-57ey
summary 
Cross-site Scripting
Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the `error` and `error_related_to` parameters of the POST request (`POST /mailer/<product / webhook>/callback`). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27910
reference_id
reference_type
scores
0
value 0.00435
scoring_system epss
scoring_elements 0.63253
published_at 2026-06-05T12:55:00Z
1
value 0.00435
scoring_system epss
scoring_elements 0.63209
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27910
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27910.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27910.yaml
2
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
3
reference_url https://github.com/mautic/mautic/commit/e6a405975342f3cf86aa71927618d31d25135fa3
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/e6a405975342f3cf86aa71927618d31d25135fa3
4
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27910
reference_id CVE-2021-27910
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27910
fixed_packages
0
url pkg:composer/mautic/core@3.3.4
purl pkg:composer/mautic/core@3.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4
1
url pkg:composer/mautic/core@4.0.0
purl pkg:composer/mautic/core@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9t6r-g255-zbdq
1
vulnerability VCID-a3qv-sg57-gfd4
2
vulnerability VCID-hj6u-3g1s-97bm
3
vulnerability VCID-mbfx-4u6j-ybfp
4
vulnerability VCID-qhxy-1kmh-wyh2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0
aliases CVE-2021-27910, GHSA-86pv-95mj-7w5f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-trhp-bjp1-57ey
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.10.0