VulnerableCode Package Details - pkg:composer/mautic/core-lib@4.3.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-19zs-w8hs-abdm Aliases: CVE-2022-25768 GHSA-x3jx-5w6m-q2fc	Mautic vulnerable to Improper Access Control in UI upgrade process The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.	4.4.13 Affected by 0 other vulnerabilities. 5.1.1 Affected by 0 other vulnerabilities.
VCID-1x5b-am33-mkh4 Aliases: CVE-2022-25770 GHSA-qf6m-6m4g-rmrc	Mautic has insufficient authentication in upgrade flow Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable	4.4.13 Affected by 0 other vulnerabilities. 5.1.1 Affected by 0 other vulnerabilities.
VCID-2e51-qg2k-vqhd Aliases: CVE-2024-47050 GHSA-73gr-32wg-qhh7	Mautic vulnerable to XSS in contact/company tracking (no authentication) Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.	4.4.13 Affected by 0 other vulnerabilities. 5.1.1 Affected by 0 other vulnerabilities.
VCID-3q5j-jj2b-t7de Aliases: CVE-2024-47051 GHSA-73gx-x7r9-77x2	Mautic has insufficient authentication in upgrade flow Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable	4.4.13 Affected by 0 other vulnerabilities. 5.1.1 Affected by 0 other vulnerabilities.
VCID-e29q-5hg5-cfdq Aliases: CVE-2021-27917 GHSA-xpc5-rr39-v8v2	Mautic has an XSS in contact tracking and page hits report Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.	4.4.13 Affected by 0 other vulnerabilities. 5.1.1 Affected by 0 other vulnerabilities.
VCID-wny3-utyg-pqha Aliases: CVE-2024-47058 GHSA-xv68-rrmw-9xwf	Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.	4.4.13 Affected by 0 other vulnerabilities. 5.1.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-19zs-w8hs-abdm
Aliases:
CVE-2022-25768
GHSA-x3jx-5w6m-q2fc

Mautic vulnerable to Improper Access Control in UI upgrade process The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.