Package details: pkg:composer/mautic/core-lib@4.4.13
purl pkg:composer/mautic/core-lib@4.4.13
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (6)
VCID-19zs-w8hs-abdm
Summary: Mautic vulnerable to Improper Access Control in UI upgrade process. The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied, it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
Aliases: CVE-2022-25768, GHSA-x3jx-5w6m-q2fc

VCID-1x5b-am33-mkh4
Summary: Mautic has insufficient authentication in upgrade flow. Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
Aliases: CVE-2022-25770, GHSA-qf6m-6m4g-rmrc

VCID-2e51-qg2k-vqhd
Summary: Mautic vulnerable to XSS in contact/company tracking (no authentication). Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
Aliases: CVE-2024-47050, GHSA-73gr-32wg-qhh7

VCID-3q5j-jj2b-t7de
Summary: Mautic has insufficient authentication in upgrade flow. Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
Aliases: CVE-2024-47051, GHSA-73gx-x7r9-77x2

VCID-e29q-5hg5-cfdq
Summary: Mautic has an XSS in contact tracking and page hits report. Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
Aliases: CVE-2021-27917, GHSA-xpc5-rr39-v8v2

VCID-wny3-utyg-pqha
Summary: Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field). With access to edit a Mautic form, an attacker can add stored Cross-Site Scripting in the HTML field. This could be used to steal sensitive information from the user's current session.
Aliases: CVE-2024-47058, GHSA-xv68-rrmw-9xwf

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T21:48:48.340976+00:00 GHSA Importer Fixing VCID-1x5b-am33-mkh4 https://github.com/advisories/GHSA-qf6m-6m4g-rmrc 38.6.0
2026-06-05T21:48:47.559810+00:00 GHSA Importer Fixing VCID-e29q-5hg5-cfdq https://github.com/advisories/GHSA-xpc5-rr39-v8v2 38.6.0
2026-06-05T21:48:46.744886+00:00 GHSA Importer Fixing VCID-2e51-qg2k-vqhd https://github.com/advisories/GHSA-73gr-32wg-qhh7 38.6.0
2026-06-05T21:48:46.423533+00:00 GHSA Importer Fixing VCID-wny3-utyg-pqha https://github.com/advisories/GHSA-xv68-rrmw-9xwf 38.6.0
2026-06-05T21:48:44.338690+00:00 GHSA Importer Fixing VCID-19zs-w8hs-abdm https://github.com/advisories/GHSA-x3jx-5w6m-q2fc 38.6.0
2026-06-04T16:45:52.704804+00:00 GithubOSV Importer Fixing VCID-19zs-w8hs-abdm https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-x3jx-5w6m-q2fc/GHSA-x3jx-5w6m-q2fc.json 38.6.0
2026-06-04T16:45:41.351133+00:00 GithubOSV Importer Fixing VCID-2e51-qg2k-vqhd https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-73gr-32wg-qhh7/GHSA-73gr-32wg-qhh7.json 38.6.0
2026-06-04T16:45:39.972991+00:00 GithubOSV Importer Fixing VCID-1x5b-am33-mkh4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-qf6m-6m4g-rmrc/GHSA-qf6m-6m4g-rmrc.json 38.6.0
2026-06-04T16:45:37.607269+00:00 GithubOSV Importer Fixing VCID-e29q-5hg5-cfdq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-xpc5-rr39-v8v2/GHSA-xpc5-rr39-v8v2.json 38.6.0
2026-06-04T16:45:35.481136+00:00 GithubOSV Importer Fixing VCID-wny3-utyg-pqha https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-xv68-rrmw-9xwf/GHSA-xv68-rrmw-9xwf.json 38.6.0
2026-06-04T16:22:18.174464+00:00 GitLab Importer Fixing VCID-1x5b-am33-mkh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core-lib/CVE-2022-25770.yml 38.6.0
2026-06-04T16:22:17.881447+00:00 GitLab Importer Fixing VCID-wny3-utyg-pqha https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core-lib/CVE-2024-47058.yml 38.6.0
2026-06-04T16:22:17.792178+00:00 GitLab Importer Fixing VCID-19zs-w8hs-abdm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core-lib/CVE-2022-25768.yml 38.6.0
2026-06-04T16:22:17.724121+00:00 GitLab Importer Fixing VCID-e29q-5hg5-cfdq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core-lib/CVE-2021-27917.yml 38.6.0
2026-06-04T16:22:17.692004+00:00 GitLab Importer Fixing VCID-2e51-qg2k-vqhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core-lib/CVE-2024-47050.yml 38.6.0
2026-06-04T16:22:17.547136+00:00 GitLab Importer Fixing VCID-3q5j-jj2b-t7de https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core-lib/CVE-2024-47051.yml 38.6.0