Package details: pkg:composer/mautic/core@4.4.12
purl: pkg:composer/mautic/core@4.4.12
Next non-vulnerable version: 4.4.13
Latest non-vulnerable version: 7.0.1
Vulnerabilities affecting this package (6)

Vulnerability: VCID-19zs-w8hs-abdm
Aliases: CVE-2022-25768, GHSA-x3jx-5w6m-q2fc
Summary: Mautic vulnerable to Improper Access Control in UI upgrade process. The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
Fixed by: 4.4.13 (affected by 0 other vulnerabilities); 5.1.1 (affected by 0 other vulnerabilities)

Vulnerability: VCID-1x5b-am33-mkh4
Aliases: CVE-2022-25770, GHSA-qf6m-6m4g-rmrc
Summary: Mautic has insufficient authentication in upgrade flow. Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
Fixed by: 4.4.13 (affected by 0 other vulnerabilities); 5.1.1 (affected by 0 other vulnerabilities)

Vulnerability: VCID-2e51-qg2k-vqhd
Aliases: CVE-2024-47050, GHSA-73gr-32wg-qhh7
Summary: Mautic vulnerable to XSS in contact/company tracking (no authentication). Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
Fixed by: 4.4.13 (affected by 0 other vulnerabilities); 5.1.1 (affected by 0 other vulnerabilities)

Vulnerability: VCID-e29q-5hg5-cfdq
Aliases: CVE-2021-27917, GHSA-xpc5-rr39-v8v2
Summary: Mautic has an XSS in contact tracking and page hits report. Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
Fixed by: 4.4.13 (affected by 0 other vulnerabilities); 5.1.1 (affected by 0 other vulnerabilities)

Vulnerability: VCID-sd7d-573z-n7dk
Aliases: GHSA-5hc5-fxr9-5frc
Summary: Duplicate Advisory: Mautic has insufficient authentication in upgrade flow. This advisory has been withdrawn because it is a duplicate of GHSA-qf6m-6m4g-rmrc. This link is maintained to preserve external references. Original description: Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
Fixed by: 4.4.13 (affected by 0 other vulnerabilities); 5.1.1 (affected by 0 other vulnerabilities)

Vulnerability: VCID-wny3-utyg-pqha
Aliases: CVE-2024-47058, GHSA-xv68-rrmw-9xwf
Summary: Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field). With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the HTML field. This could be used to steal sensitive information from the user's current session.
Fixed by: 4.4.13 (affected by 0 other vulnerabilities); 5.1.1 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (6)

Vulnerability: VCID-5dp5-sahm-affj
Aliases: CVE-2022-25777, GHSA-mgv8-w49f-822w
Summary: Mautic: MST-48 Server-Side Request Forgery in Asset section. Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.

Vulnerability: VCID-8h2f-f8zx-wbfn
Aliases: CVE-2021-27916, GHSA-9fcx-cv56-w58p
Summary: Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder. Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.

Vulnerability: VCID-9kw2-q4ek-jugf
Aliases: CVE-2021-27915, GHSA-2rc5-2755-v422
Summary: Mautic vulnerable to stored cross-site scripting in description field. Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.

Vulnerability: VCID-bdse-4ypf-abe3
Aliases: CVE-2022-25776, GHSA-qjx3-2g35-6hv8
Summary: Mautic Sensitive Data Exposure due to inadequate user permission settings. Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.

Vulnerability: VCID-n3p3-jsyf-wuf5
Aliases: CVE-2022-25774, GHSA-fhcx-f7jg-jx3f
Summary: Mautic vulnerable to cross-site scripting in notifications via saving Dashboards. Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards.

Vulnerability: VCID-whnz-qj59-vkgz
Aliases: CVE-2022-25775, GHSA-jj6w-2cqg-7p94
Summary: Mautic SQL Injection in dynamic Reports. Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems.

History

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-06-06T05:23:46.210977+00:00 | GitLab Importer | Affected by | VCID-sd7d-573z-n7dk | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/GHSA-5hc5-fxr9-5frc.yml | 38.6.0
2026-06-06T05:23:43.332743+00:00 | GitLab Importer | Affected by | VCID-1x5b-am33-mkh4 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2022-25770.yml | 38.6.0
2026-06-06T05:23:42.075943+00:00 | GitLab Importer | Affected by | VCID-e29q-5hg5-cfdq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2021-27917.yml | 38.6.0
2026-06-06T05:23:38.425843+00:00 | GitLab Importer | Affected by | VCID-wny3-utyg-pqha | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2024-47058.yml | 38.6.0
2026-06-06T05:23:34.940089+00:00 | GitLab Importer | Affected by | VCID-19zs-w8hs-abdm | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2022-25768.yml | 38.6.0
2026-06-06T05:23:32.253160+00:00 | GitLab Importer | Affected by | VCID-2e51-qg2k-vqhd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2024-47050.yml | 38.6.0
2026-06-05T21:41:48.713360+00:00 | GHSA Importer | Fixing | VCID-5dp5-sahm-affj | https://github.com/advisories/GHSA-mgv8-w49f-822w | 38.6.0
2026-06-05T21:41:48.414577+00:00 | GHSA Importer | Fixing | VCID-bdse-4ypf-abe3 | https://github.com/advisories/GHSA-qjx3-2g35-6hv8 | 38.6.0
2026-06-05T21:41:48.098757+00:00 | GHSA Importer | Fixing | VCID-whnz-qj59-vkgz | https://github.com/advisories/GHSA-jj6w-2cqg-7p94 | 38.6.0
2026-06-05T21:41:47.806548+00:00 | GHSA Importer | Fixing | VCID-8h2f-f8zx-wbfn | https://github.com/advisories/GHSA-9fcx-cv56-w58p | 38.6.0
2026-06-05T21:41:46.899175+00:00 | GHSA Importer | Fixing | VCID-n3p3-jsyf-wuf5 | https://github.com/advisories/GHSA-fhcx-f7jg-jx3f | 38.6.0
2026-06-05T21:41:46.588775+00:00 | GHSA Importer | Fixing | VCID-9kw2-q4ek-jugf | https://github.com/advisories/GHSA-2rc5-2755-v422 | 38.6.0
2026-06-04T16:45:19.348287+00:00 | GithubOSV Importer | Fixing | VCID-whnz-qj59-vkgz | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-jj6w-2cqg-7p94/GHSA-jj6w-2cqg-7p94.json | 38.6.0
2026-06-04T16:45:18.080852+00:00 | GithubOSV Importer | Fixing | VCID-5dp5-sahm-affj | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-mgv8-w49f-822w/GHSA-mgv8-w49f-822w.json | 38.6.0
2026-06-04T16:45:16.796097+00:00 | GithubOSV Importer | Fixing | VCID-8h2f-f8zx-wbfn | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-9fcx-cv56-w58p/GHSA-9fcx-cv56-w58p.json | 38.6.0
2026-06-04T16:45:15.850253+00:00 | GithubOSV Importer | Fixing | VCID-bdse-4ypf-abe3 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-qjx3-2g35-6hv8/GHSA-qjx3-2g35-6hv8.json | 38.6.0
2026-06-04T16:45:15.280433+00:00 | GithubOSV Importer | Fixing | VCID-9kw2-q4ek-jugf | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-2rc5-2755-v422/GHSA-2rc5-2755-v422.json | 38.6.0
2026-06-04T16:44:55.359106+00:00 | GithubOSV Importer | Fixing | VCID-n3p3-jsyf-wuf5 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-fhcx-f7jg-jx3f/GHSA-fhcx-f7jg-jx3f.json | 38.6.0
2026-06-02T04:47:36.047866+00:00 | GitLab Importer | Fixing | VCID-bdse-4ypf-abe3 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2022-25776.yml | 38.6.0
2026-06-02T04:47:35.952091+00:00 | GitLab Importer | Fixing | VCID-8h2f-f8zx-wbfn | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2021-27916.yml | 38.6.0
2026-06-02T04:47:35.889488+00:00 | GitLab Importer | Fixing | VCID-whnz-qj59-vkgz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2022-25775.yml | 38.6.0
2026-06-02T04:47:35.743192+00:00 | GitLab Importer | Fixing | VCID-n3p3-jsyf-wuf5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2022-25774.yml | 38.6.0
2026-06-02T04:47:35.697964+00:00 | GitLab Importer | Fixing | VCID-5dp5-sahm-affj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2022-25777.yml | 38.6.0
2026-06-02T04:47:35.111764+00:00 | GitLab Importer | Fixing | VCID-9kw2-q4ek-jugf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/mautic/core/CVE-2021-27915.yml | 38.6.0