Package details: pkg:composer/mautic/core@3.0.0-beta
purl pkg:composer/mautic/core@3.0.0-beta
Next non-vulnerable version 3.3.2
Latest non-vulnerable version 7.0.1
Risk 4.5
Vulnerabilities affecting this package (3)
VCID-1unf-fcpb-t7gr
Aliases: CVE-2020-35129, GHSA-3px5-wjh3-9x6r
Summary: Cross-site Scripting. Mautic is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.
Fixed by: 3.2.4 (affected by 1 other vulnerability)

VCID-9tjy-3czw-37as
Aliases: CVE-2020-35124, GHSA-39wj-j3jc-858m
Summary: Cross-site Scripting. A cross-site scripting (XSS) vulnerability in the assets component of Mautic allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
Fixed by: 3.2.4 (affected by 1 other vulnerability)

VCID-ghuh-z1uh-mbf5
Aliases: CVE-2021-27908, GHSA-4hjq-422q-4vpx
Summary: Incorrect Permission Assignment for Critical Resource. Secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
Fixed by: 3.3.2 (affected by 0 other vulnerabilities)

Vulnerabilities fixed by this package (0)
This package is not known to fix vulnerabilities.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-06-04T20:47:19.183392+00:00 | GitLab Importer | Affected by | VCID-ghuh-z1uh-mbf5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2021-27908.yml | 38.6.0
2026-06-04T20:44:03.223642+00:00 | GitLab Importer | Affected by | VCID-9tjy-3czw-37as | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2020-35124.yml | 38.6.0
2026-06-04T20:43:20.190175+00:00 | GitLab Importer | Affected by | VCID-1unf-fcpb-t7gr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2020-35129.yml | 38.6.0