{"url":"http://public2.vulnerablecode.io/api/packages/217423?format=json","purl":"pkg:composer/mautic/core@2.12.2-beta","type":"composer","namespace":"mautic","name":"core","version":"2.12.2-beta","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.2.10","latest_non_vulnerable_version":"7.0.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55860?format=json","vulnerability_id":"VCID-19zs-w8hs-abdm","summary":"Mautic vulnerable to Improper Access Control in UI upgrade process\nThe logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25768","reference_id":"","reference_type":"","scores":[{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59149","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00369","scoring_system":"epss","scoring_elements":"0.59101","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25768"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/89f964d06f00688016b38a56dfd9e95fc676c7ce","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/89f964d06f00688016b38a56dfd9e95fc676c7ce"},{"reference_url":"https://github.com/mautic/mautic/commit/925aeee7d3dbb6ca67f92d9dc5893d99250f739b","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/925aeee7d3dbb6ca67f92d9dc5893d99250f739b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25768","reference_id":"CVE-2022-25768","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25768"},{"reference_url":"https://github.com/advisories/GHSA-x3jx-5w6m-q2fc","reference_id":"GHSA-x3jx-5w6m-q2fc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x3jx-5w6m-q2fc"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc","reference_id":"GHSA-x3jx-5w6m-q2fc","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"7.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:37Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82702?format=json","purl":"pkg:composer/mautic/core@4.4.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13"},{"url":"http://public2.vulnerablecode.io/api/packages/82703?format=json","purl":"pkg:composer/mautic/core@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1"}],"aliases":["CVE-2022-25768","GHSA-x3jx-5w6m-q2fc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19zs-w8hs-abdm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41385?format=json","vulnerability_id":"VCID-1hew-3rb7-tkg8","summary":"Cross-site Scripting\nThere is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter `bundle` in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password reset URL with the vulnerable parameter utilized.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27909","reference_id":"","reference_type":"","scores":[{"value":"0.18658","scoring_system":"epss","scoring_elements":"0.95403","published_at":"2026-06-05T12:55:00Z"},{"value":"0.18658","scoring_system":"epss","scoring_elements":"0.95395","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27909"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27909.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27909.yaml"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/942cb6992df619fdf1c181bfad9e25d5d4178b6f","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/942cb6992df619fdf1c181bfad9e25d5d4178b6f"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-32hw-3pvh-vcvc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27909","reference_id":"CVE-2021-27909","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27909"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58816?format=json","purl":"pkg:composer/mautic/core@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/58815?format=json","purl":"pkg:composer/mautic/core@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0"}],"aliases":["CVE-2021-27909","GHSA-32hw-3pvh-vcvc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hew-3rb7-tkg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53958?format=json","vulnerability_id":"VCID-1unf-fcpb-t7gr","summary":"Cross-site Scripting\nMautic is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35129","reference_id":"","reference_type":"","scores":[{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70358","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70316","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35129"},{"reference_url":"https://forum.mautic.org/c/announcements/16","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.mautic.org/c/announcements/16"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://labs.bishopfox.com/advisories/mautic-version-3.2.2","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://labs.bishopfox.com/advisories/mautic-version-3.2.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35129","reference_id":"CVE-2020-35129","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35129"},{"reference_url":"https://github.com/advisories/GHSA-3px5-wjh3-9x6r","reference_id":"GHSA-3px5-wjh3-9x6r","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3px5-wjh3-9x6r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79564?format=json","purl":"pkg:composer/mautic/core@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4"}],"aliases":["CVE-2020-35129","GHSA-3px5-wjh3-9x6r"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1unf-fcpb-t7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55869?format=json","vulnerability_id":"VCID-1x5b-am33-mkh4","summary":"Mautic has insufficient authentication in upgrade flow\nMautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25770","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53243","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53181","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25770"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca"},{"reference_url":"https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25770","reference_id":"CVE-2022-25770","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25770"},{"reference_url":"https://github.com/advisories/GHSA-qf6m-6m4g-rmrc","reference_id":"GHSA-qf6m-6m4g-rmrc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qf6m-6m4g-rmrc"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc","reference_id":"GHSA-qf6m-6m4g-rmrc","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:47:02Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82702?format=json","purl":"pkg:composer/mautic/core@4.4.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13"},{"url":"http://public2.vulnerablecode.io/api/packages/82703?format=json","purl":"pkg:composer/mautic/core@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1"}],"aliases":["CVE-2022-25770","GHSA-qf6m-6m4g-rmrc"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1x5b-am33-mkh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39581?format=json","vulnerability_id":"VCID-2bf9-tpw5-6ybc","summary":"Injection Vulnerability\nMautic allows CSV injection.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8092","reference_id":"","reference_type":"","scores":[{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65796","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65743","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8092"},{"reference_url":"https://github.com/mautic/mautic/commit/cbc49f0ac4cc7e3acc07f2a85c079b2f85225a6b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/cbc49f0ac4cc7e3acc07f2a85c079b2f85225a6b"},{"reference_url":"https://github.com/mautic/mautic/releases/tag/2.13.0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/releases/tag/2.13.0"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-29v9-2fpx-j5g9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-29v9-2fpx-j5g9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8092","reference_id":"CVE-2018-8092","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8092"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55381?format=json","purl":"pkg:composer/mautic/core@2.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1unf-fcpb-t7gr"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9tjy-3czw-37as"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-dh9y-k8zb-zkew"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-j624-5zx3-c7c8"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-p9jy-6mbb-ukad"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0"}],"aliases":["CVE-2018-8092","GHSA-29v9-2fpx-j5g9"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bf9-tpw5-6ybc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55858?format=json","vulnerability_id":"VCID-2e51-qg2k-vqhd","summary":"Mautic vulnerable to XSS in contact/company tracking (no authentication)\nPrior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47050","reference_id":"","reference_type":"","scores":[{"value":"0.01135","scoring_system":"epss","scoring_elements":"0.78733","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47050"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/0f21a3aa9c896788e1986fae0d7f166fc7a14c30","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/0f21a3aa9c896788e1986fae0d7f166fc7a14c30"},{"reference_url":"https://github.com/mautic/mautic/commit/43db5e492c0ef82c917745849d5b454dbc8ca2c4","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/43db5e492c0ef82c917745849d5b454dbc8ca2c4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47050","reference_id":"CVE-2024-47050","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47050"},{"reference_url":"https://github.com/advisories/GHSA-73gr-32wg-qhh7","reference_id":"GHSA-73gr-32wg-qhh7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-73gr-32wg-qhh7"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7","reference_id":"GHSA-73gr-32wg-qhh7","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:41:10Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82702?format=json","purl":"pkg:composer/mautic/core@4.4.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13"},{"url":"http://public2.vulnerablecode.io/api/packages/82703?format=json","purl":"pkg:composer/mautic/core@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1"}],"aliases":["CVE-2024-47050","GHSA-73gr-32wg-qhh7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2e51-qg2k-vqhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110926?format=json","vulnerability_id":"VCID-3agv-evyh-k3hk","summary":"Cross-site Scripting vulnerability in Mautic's tracking pixel functionality\n### Impact\n\nMautic allows you to track open rates by using tracking pixels. \nThe tracking information is stored together with extra metadata of the tracking request.\n\nThe output isn't sufficiently filtered when showing the metadata of the tracking information, which may lead to a vulnerable situation.\n\n### Patches\n\nPlease upgrade to 4.3.0\n\n### Workarounds\nNone.\n\n### References\n* Internally tracked under MST-38\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [security@mautic.org](mailto:security@mautic.org)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25772","reference_id":"","reference_type":"","scores":[{"value":"0.02993","scoring_system":"epss","scoring_elements":"0.86808","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02993","scoring_system":"epss","scoring_elements":"0.86831","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25772"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/462eb596027fd949efbf9ac5cb2b376805e9d246","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/462eb596027fd949efbf9ac5cb2b376805e9d246"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-pjpc-87mp-4332"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25772","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25772"},{"reference_url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html"},{"reference_url":"https://github.com/advisories/GHSA-pjpc-87mp-4332","reference_id":"GHSA-pjpc-87mp-4332","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pjpc-87mp-4332"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150225?format=json","purl":"pkg:composer/mautic/core@4.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.3.0"}],"aliases":["CVE-2022-25772","GHSA-pjpc-87mp-4332","GMS-2022-1448"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3agv-evyh-k3hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55859?format=json","vulnerability_id":"VCID-3q5j-jj2b-t7de","summary":"Mautic has insufficient authentication in upgrade flow\nMautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47051","reference_id":"","reference_type":"","scores":[{"value":"0.01106","scoring_system":"epss","scoring_elements":"0.78462","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47051"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca"},{"reference_url":"https://github.com/mautic/mautic/commit/75bc488ce98b9c8ec01114984049fc1c42c0cae5","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/75bc488ce98b9c8ec01114984049fc1c42c0cae5"},{"reference_url":"https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf"},{"reference_url":"https://owasp.org/www-community/attacks/Code_Injection","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/"}],"url":"https://owasp.org/www-community/attacks/Code_Injection"},{"reference_url":"https://owasp.org/www-community/attacks/Path_Traversal","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/"}],"url":"https://owasp.org/www-community/attacks/Path_Traversal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47051","reference_id":"CVE-2024-47051","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47051"},{"reference_url":"https://github.com/advisories/GHSA-73gx-x7r9-77x2","reference_id":"GHSA-73gx-x7r9-77x2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-73gx-x7r9-77x2"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2","reference_id":"GHSA-73gx-x7r9-77x2","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2"},{"reference_url":"https://github.com/advisories/GHSA-qf6m-6m4g-rmrc","reference_id":"GHSA-qf6m-6m4g-rmrc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qf6m-6m4g-rmrc"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc","reference_id":"GHSA-qf6m-6m4g-rmrc","reference_type":"","scores":[],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84187?format=json","purl":"pkg:composer/mautic/core@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3"}],"aliases":["CVE-2024-47051","GHSA-73gx-x7r9-77x2"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3q5j-jj2b-t7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47473?format=json","vulnerability_id":"VCID-5dp5-sahm-affj","summary":"Mautic: MST-48  Server-Side Request Forgery in Asset section\nPrior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25777","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40514","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40434","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25777"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/b4b4ab5f0613854152ceb7b5e5228acf50648fd0","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/b4b4ab5f0613854152ceb7b5e5228acf50648fd0"},{"reference_url":"https://github.com/mautic/mautic/commit/c54befd9eaaa49e4fc10a0fe22435c09ef2821b2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/c54befd9eaaa49e4fc10a0fe22435c09ef2821b2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25777","reference_id":"CVE-2022-25777","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25777"},{"reference_url":"https://github.com/advisories/GHSA-mgv8-w49f-822w","reference_id":"GHSA-mgv8-w49f-822w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mgv8-w49f-822w"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w","reference_id":"GHSA-mgv8-w49f-822w","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T17:16:39Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69757?format=json","purl":"pkg:composer/mautic/core@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/69774?format=json","purl":"pkg:composer/mautic/core@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-wny3-utyg-pqha"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4"}],"aliases":["CVE-2022-25777","GHSA-mgv8-w49f-822w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5dp5-sahm-affj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39571?format=json","vulnerability_id":"VCID-7nmh-nhm6-abhr","summary":"Information Exposure\nAn issue was discovered in Mautic It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10189","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53602","published_at":"2026-06-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53661","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10189"},{"reference_url":"https://github.com/mautic/mautic/releases/tag/2.13.0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/releases/tag/2.13.0"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-vfxj-qg93-7wwc","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-vfxj-qg93-7wwc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10189","reference_id":"CVE-2018-10189","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10189"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55381?format=json","purl":"pkg:composer/mautic/core@2.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1unf-fcpb-t7gr"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9tjy-3czw-37as"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-dh9y-k8zb-zkew"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-j624-5zx3-c7c8"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-p9jy-6mbb-ukad"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0"}],"aliases":["CVE-2018-10189","GHSA-vfxj-qg93-7wwc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7nmh-nhm6-abhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47464?format=json","vulnerability_id":"VCID-9kw2-q4ek-jugf","summary":"Mautic vulnerable to stored cross-site scripting in description field\nPrior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions.\n\nThis could lead to the user having elevated access to the system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27915","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41069","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.40993","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27915"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/2d648394e183b1d2d910cea32e89d40a5915b5d4","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/2d648394e183b1d2d910cea32e89d40a5915b5d4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27915","reference_id":"CVE-2021-27915","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27915"},{"reference_url":"https://github.com/advisories/GHSA-2rc5-2755-v422","reference_id":"GHSA-2rc5-2755-v422","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rc5-2755-v422"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422","reference_id":"GHSA-2rc5-2755-v422","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-17T15:59:08Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69757?format=json","purl":"pkg:composer/mautic/core@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/69773?format=json","purl":"pkg:composer/mautic/core@5.0.0-alpha","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.0-alpha"}],"aliases":["CVE-2021-27915","GHSA-2rc5-2755-v422"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9kw2-q4ek-jugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41378?format=json","vulnerability_id":"VCID-9t6r-g255-zbdq","summary":"Cross-site Scripting\nMautic is vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27912","reference_id":"","reference_type":"","scores":[{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72176","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0069","scoring_system":"epss","scoring_elements":"0.72217","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27912"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27912.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27912.yaml"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-rh5w-82wh-jhr8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27912","reference_id":"CVE-2021-27912","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27912"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58816?format=json","purl":"pkg:composer/mautic/core@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/58817?format=json","purl":"pkg:composer/mautic/core@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/58815?format=json","purl":"pkg:composer/mautic/core@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0"}],"aliases":["CVE-2021-27912","GHSA-rh5w-82wh-jhr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9t6r-g255-zbdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54001?format=json","vulnerability_id":"VCID-9tjy-3czw-37as","summary":"Cross-site Scripting\nA cross-site scripting (XSS) vulnerability in the assets component of Mautic allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35124","reference_id":"","reference_type":"","scores":[{"value":"0.01142","scoring_system":"epss","scoring_elements":"0.7877","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01142","scoring_system":"epss","scoring_elements":"0.78796","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35124"},{"reference_url":"https://forum.mautic.org/c/announcements/16","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.mautic.org/c/announcements/16"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35124.yaml","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35124.yaml"},{"reference_url":"https://github.com/mautic/mautic/commit/20c5dc39b62164f6922ce53ea42cbb4ccec64e57","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/20c5dc39b62164f6922ce53ea42cbb4ccec64e57"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-39wj-j3jc-858m"},{"reference_url":"https://packagist.org/packages/mautic/core","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/mautic/core"},{"reference_url":"https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"},{"reference_url":"https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35124","reference_id":"CVE-2020-35124","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35124"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79578?format=json","purl":"pkg:composer/mautic/core@2.16.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1unf-fcpb-t7gr"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9tjy-3czw-37as"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5"},{"url":"http://public2.vulnerablecode.io/api/packages/79564?format=json","purl":"pkg:composer/mautic/core@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4"}],"aliases":["CVE-2020-35124","GHSA-39wj-j3jc-858m"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tjy-3czw-37as"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56716?format=json","vulnerability_id":"VCID-9upf-7u9p-hkaa","summary":"Mautic allows Relative Path Traversal in assets file upload\nThis advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.\n\n* **Improper Limitation of a Pathname to a Restricted Directory:** A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25773","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34878","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34782","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25773"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/e6aaad99f399c5df1ce6273609920098e5c2564a","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/e6aaad99f399c5df1ce6273609920098e5c2564a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25773","reference_id":"CVE-2022-25773","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25773"},{"reference_url":"https://github.com/advisories/GHSA-4w2w-36vm-c8hf","reference_id":"GHSA-4w2w-36vm-c8hf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4w2w-36vm-c8hf"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf","reference_id":"GHSA-4w2w-36vm-c8hf","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:54:09Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84187?format=json","purl":"pkg:composer/mautic/core@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3"}],"aliases":["CVE-2022-25773","GHSA-4w2w-36vm-c8hf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9upf-7u9p-hkaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47479?format=json","vulnerability_id":"VCID-bdse-4ypf-abe3","summary":"Mautic Sensitive Data Exposure due to inadequate user permission settings\nPrior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.\n\nUsers could potentially access sensitive data such as names and surnames, company names and stage names.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25776","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18363","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18286","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25776"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/22bdd0796ca6e1e985708b89ad5c07147630fecd","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/22bdd0796ca6e1e985708b89ad5c07147630fecd"},{"reference_url":"https://github.com/mautic/mautic/commit/2cc4af975fe01c264d439acc1451c936e7114644","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/2cc4af975fe01c264d439acc1451c936e7114644"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25776","reference_id":"CVE-2022-25776","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25776"},{"reference_url":"https://github.com/advisories/GHSA-qjx3-2g35-6hv8","reference_id":"GHSA-qjx3-2g35-6hv8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qjx3-2g35-6hv8"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8","reference_id":"GHSA-qjx3-2g35-6hv8","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T15:58:56Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-qjx3-2g35-6hv8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69757?format=json","purl":"pkg:composer/mautic/core@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12"},{"url":"http://public2.vulnerablecode.io/api/packages/69774?format=json","purl":"pkg:composer/mautic/core@5.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-wny3-utyg-pqha"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.0.4"}],"aliases":["CVE-2022-25776","GHSA-qjx3-2g35-6hv8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bdse-4ypf-abe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56719?format=json","vulnerability_id":"VCID-ckj2-3ujt-fbhz","summary":"Mautic allows Improper Authorization in Reporting API\nThis advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data.\n\n* **Improper Authorization:** An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated user, regardless of assigned roles or permissions, can access all reports and their associated data via the API.  This bypasses the intended access controls governed by the \"Reporting Permissions > View Own\" and \"Reporting Permissions > View Others\" permissions, which should restrict access to non-System Reports.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47053","reference_id":"","reference_type":"","scores":[{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39631","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47053"},{"reference_url":"https://cwe.mitre.org/data/definitions/287.html","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/"}],"url":"https://cwe.mitre.org/data/definitions/287.html"},{"reference_url":"https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/"}],"url":"https://docs.mautic.org/en/5.2/configuration/settings.html#api-settings"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/9d7ee57c92502ef77cddb091011c5ffef14b11ee","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/9d7ee57c92502ef77cddb091011c5ffef14b11ee"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47053","reference_id":"CVE-2024-47053","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47053"},{"reference_url":"https://github.com/advisories/GHSA-8xv7-g2q3-fqgc","reference_id":"GHSA-8xv7-g2q3-fqgc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8xv7-g2q3-fqgc"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc","reference_id":"GHSA-8xv7-g2q3-fqgc","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:43:36Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-8xv7-g2q3-fqgc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/84187?format=json","purl":"pkg:composer/mautic/core@5.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.3"}],"aliases":["CVE-2024-47053","GHSA-8xv7-g2q3-fqgc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ckj2-3ujt-fbhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54046?format=json","vulnerability_id":"VCID-dh9y-k8zb-zkew","summary":"Cross-site Scripting\nA cross-site scripting (XSS) vulnerability in the forms component of Mautic allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35125","reference_id":"","reference_type":"","scores":[{"value":"0.01246","scoring_system":"epss","scoring_elements":"0.79631","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01246","scoring_system":"epss","scoring_elements":"0.79658","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35125"},{"reference_url":"https://forum.mautic.org/c/announcements/16","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.mautic.org/c/announcements/16"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35125.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2020-35125.yaml"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-42q7-95j7-w62m"},{"reference_url":"https://packagist.org/packages/mautic/core","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/mautic/core"},{"reference_url":"https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce"},{"reference_url":"https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35125","reference_id":"CVE-2020-35125","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35125"},{"reference_url":"https://github.com/advisories/GHSA-42q7-95j7-w62m","reference_id":"GHSA-42q7-95j7-w62m","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-42q7-95j7-w62m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79578?format=json","purl":"pkg:composer/mautic/core@2.16.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1unf-fcpb-t7gr"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9tjy-3czw-37as"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5"},{"url":"http://public2.vulnerablecode.io/api/packages/79564?format=json","purl":"pkg:composer/mautic/core@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4"}],"aliases":["CVE-2020-35125","GHSA-42q7-95j7-w62m"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dh9y-k8zb-zkew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55863?format=json","vulnerability_id":"VCID-e29q-5hg5-cfdq","summary":"Mautic has an XSS in contact tracking and page hits report\nPrior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27917","reference_id":"","reference_type":"","scores":[{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.6402","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0045","scoring_system":"epss","scoring_elements":"0.63978","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27917"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98"},{"reference_url":"https://github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27917","reference_id":"CVE-2021-27917","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27917"},{"reference_url":"https://github.com/advisories/GHSA-xpc5-rr39-v8v2","reference_id":"GHSA-xpc5-rr39-v8v2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xpc5-rr39-v8v2"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2","reference_id":"GHSA-xpc5-rr39-v8v2","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:40:34Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82702?format=json","purl":"pkg:composer/mautic/core@4.4.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13"},{"url":"http://public2.vulnerablecode.io/api/packages/82703?format=json","purl":"pkg:composer/mautic/core@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1"}],"aliases":["CVE-2021-27917","GHSA-xpc5-rr39-v8v2"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e29q-5hg5-cfdq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57361?format=json","vulnerability_id":"VCID-g21m-aehf-wkfw","summary":"Mautic allows user name enumeration due to response time difference on password reset form\nThis advisory addresses a security vulnerability in Mautic related to the \"Forget your password\" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.\n\nUser Enumeration via Timing Attack: A user enumeration vulnerability exists in the \"Forget your password\" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47057","reference_id":"","reference_type":"","scores":[{"value":"0.00242","scoring_system":"epss","scoring_elements":"0.47683","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47057"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47057","reference_id":"CVE-2024-47057","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47057"},{"reference_url":"https://github.com/advisories/GHSA-424x-cxvh-wq9p","reference_id":"GHSA-424x-cxvh-wq9p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-424x-cxvh-wq9p"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p","reference_id":"GHSA-424x-cxvh-wq9p","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-29T18:58:43Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-424x-cxvh-wq9p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85233?format=json","purl":"pkg:composer/mautic/core@4.4.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.16"},{"url":"http://public2.vulnerablecode.io/api/packages/85234?format=json","purl":"pkg:composer/mautic/core@5.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/85235?format=json","purl":"pkg:composer/mautic/core@6.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.2"}],"aliases":["CVE-2024-47057","GHSA-424x-cxvh-wq9p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g21m-aehf-wkfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54227?format=json","vulnerability_id":"VCID-ghuh-z1uh-mbf5","summary":"Incorrect Permission Assignment for Critical Resource\nSecret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27908","reference_id":"","reference_type":"","scores":[{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.28726","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.28799","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27908"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27908.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27908.yaml"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-4hjq-422q-4vpx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27908","reference_id":"CVE-2021-27908","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27908"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/80043?format=json","purl":"pkg:composer/mautic/core@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.2"}],"aliases":["CVE-2021-27908","GHSA-4hjq-422q-4vpx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ghuh-z1uh-mbf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41383?format=json","vulnerability_id":"VCID-gnga-y8vw-1kgm","summary":"Cross-site Scripting\nMautic is vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27911","reference_id":"","reference_type":"","scores":[{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57888","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00352","scoring_system":"epss","scoring_elements":"0.57941","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27911"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27911.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27911.yaml"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-72hm-fx78-xwhc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27911","reference_id":"CVE-2021-27911","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27911"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58816?format=json","purl":"pkg:composer/mautic/core@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/58815?format=json","purl":"pkg:composer/mautic/core@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0"}],"aliases":["CVE-2021-27911","GHSA-72hm-fx78-xwhc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnga-y8vw-1kgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39580?format=json","vulnerability_id":"VCID-hwrr-6qe1-77gn","summary":"Cross-site Scripting\nMautic before v2.13.0 has stored XSS via a theme config file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8071","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47432","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47497","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-8071"},{"reference_url":"https://github.com/mautic/mautic/commit/3add236e9cc00ea9b211b52cccc4660379b2ee8b","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/3add236e9cc00ea9b211b52cccc4660379b2ee8b"},{"reference_url":"https://github.com/mautic/mautic/releases/tag/2.13.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/releases/tag/2.13.0"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-5w74-jx7m-x6hv","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-5w74-jx7m-x6hv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8071","reference_id":"CVE-2018-8071","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8071"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55381?format=json","purl":"pkg:composer/mautic/core@2.13.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1unf-fcpb-t7gr"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9tjy-3czw-37as"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-dh9y-k8zb-zkew"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-j624-5zx3-c7c8"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-p9jy-6mbb-ukad"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.13.0"}],"aliases":["CVE-2018-8071","GHSA-5w74-jx7m-x6hv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwrr-6qe1-77gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54008?format=json","vulnerability_id":"VCID-j624-5zx3-c7c8","summary":"XSS in Mautic\n** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-3142.yaml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-3142.yaml"},{"reference_url":"https://github.com/mautic/mautic/commit/ba31db23e664f889da55a29ff27f797e2ab5cb1b","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/ba31db23e664f889da55a29ff27f797e2ab5cb1b"},{"reference_url":"https://github.com/mautic/mautic/releases/tag/3.2.4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/releases/tag/3.2.4"},{"reference_url":"https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-3"},{"reference_url":"https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3142","reference_id":"CVE-2021-3142","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3142"},{"reference_url":"https://github.com/advisories/GHSA-p7v4-gm6j-cw9m","reference_id":"GHSA-p7v4-gm6j-cw9m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p7v4-gm6j-cw9m"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-p7v4-gm6j-cw9m","reference_id":"GHSA-p7v4-gm6j-cw9m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-p7v4-gm6j-cw9m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79578?format=json","purl":"pkg:composer/mautic/core@2.16.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1unf-fcpb-t7gr"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9tjy-3czw-37as"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5"},{"url":"http://public2.vulnerablecode.io/api/packages/79564?format=json","purl":"pkg:composer/mautic/core@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4"}],"aliases":["CVE-2021-3142","GHSA-p7v4-gm6j-cw9m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j624-5zx3-c7c8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57352?format=json","vulnerability_id":"VCID-jxs8-apn6-dbfd","summary":"Mautic has an Open Redirect vulnerability on user unlock path.\nThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits.\n\nOpen Redirection via `returnUrl` Parameter: An Open Redirection vulnerability exists in the `/s/action/unlock/user.user/0` endpoint. The `returnUrl` parameter, intended for post-action redirection, is not properly validated. This allows an attacker to craft a URL that, when clicked by a user, redirects them to an arbitrary external website controlled by the attacker.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5256","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40322","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5256"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5256","reference_id":"CVE-2025-5256","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-5256"},{"reference_url":"https://github.com/advisories/GHSA-6vx9-9r2g-8373","reference_id":"GHSA-6vx9-9r2g-8373","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6vx9-9r2g-8373"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373","reference_id":"GHSA-6vx9-9r2g-8373","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T17:57:26Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-6vx9-9r2g-8373"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85233?format=json","purl":"pkg:composer/mautic/core@4.4.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.16"},{"url":"http://public2.vulnerablecode.io/api/packages/85234?format=json","purl":"pkg:composer/mautic/core@5.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/85235?format=json","purl":"pkg:composer/mautic/core@6.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.2"}],"aliases":["CVE-2025-5256","GHSA-6vx9-9r2g-8373"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxs8-apn6-dbfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41374?format=json","vulnerability_id":"VCID-mbfx-4u6j-ybfp","summary":"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)\nThe function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic ;","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27913","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25345","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25249","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27913"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27913.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27913.yaml"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/d1cad766a2de74e6c6b89d6d78c2a5f2e36ba91c","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/d1cad766a2de74e6c6b89d6d78c2a5f2e36ba91c"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-x7g2-wrrp-r6h3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27913","reference_id":"CVE-2021-27913","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27913"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58816?format=json","purl":"pkg:composer/mautic/core@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/58817?format=json","purl":"pkg:composer/mautic/core@4.0.0-alpha1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0-alpha1"},{"url":"http://public2.vulnerablecode.io/api/packages/58815?format=json","purl":"pkg:composer/mautic/core@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0"}],"aliases":["CVE-2021-27913","GHSA-x7g2-wrrp-r6h3"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbfx-4u6j-ybfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47474?format=json","vulnerability_id":"VCID-n3p3-jsyf-wuf5","summary":"Mautic vulnerable to cross-site scripting in notifications via saving Dashboards\nPrior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic.\n\nUsers could inject malicious code into the notification when saving Dashboards.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25774","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17477","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17555","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25774"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/e6d58de241b8c34126042dcb314d60eb5fc7b151","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/e6d58de241b8c34126042dcb314d60eb5fc7b151"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25774","reference_id":"CVE-2022-25774","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25774"},{"reference_url":"https://github.com/advisories/GHSA-fhcx-f7jg-jx3f","reference_id":"GHSA-fhcx-f7jg-jx3f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fhcx-f7jg-jx3f"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f","reference_id":"GHSA-fhcx-f7jg-jx3f","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T17:55:13Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-fhcx-f7jg-jx3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69757?format=json","purl":"pkg:composer/mautic/core@4.4.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.12"}],"aliases":["CVE-2022-25774","GHSA-fhcx-f7jg-jx3f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n3p3-jsyf-wuf5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53965?format=json","vulnerability_id":"VCID-p9jy-6mbb-ukad","summary":"Cross-site Scripting\nMautic is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35128","reference_id":"","reference_type":"","scores":[{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71253","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71297","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35128"},{"reference_url":"https://forum.mautic.org/c/announcements/16","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.mautic.org/c/announcements/16"},{"reference_url":"https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://forum.mautic.org/t/security-release-for-all-versions-of-mautic-prior-to-2-16-5-and-3-2-4/17786"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://labs.bishopfox.com/advisories/mautic-version-3.2.2","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://labs.bishopfox.com/advisories/mautic-version-3.2.2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35128","reference_id":"CVE-2020-35128","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35128"},{"reference_url":"https://github.com/advisories/GHSA-98j2-3jv7-274m","reference_id":"GHSA-98j2-3jv7-274m","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-98j2-3jv7-274m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79578?format=json","purl":"pkg:composer/mautic/core@2.16.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1unf-fcpb-t7gr"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9tjy-3czw-37as"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.16.5"},{"url":"http://public2.vulnerablecode.io/api/packages/79564?format=json","purl":"pkg:composer/mautic/core@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1hew-3rb7-tkg8"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-ghuh-z1uh-mbf5"},{"vulnerability":"VCID-gnga-y8vw-1kgm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-trhp-bjp1-57ey"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.2.4"}],"aliases":["CVE-2020-35128","GHSA-98j2-3jv7-274m"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9jy-6mbb-ukad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/241228?format=json","vulnerability_id":"VCID-puaz-79mc-4bc6","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27914","reference_id":"","reference_type":"","scores":[{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61365","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00405","scoring_system":"epss","scoring_elements":"0.61413","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27914"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27914","reference_id":"CVE-2021-27914","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27914"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3","reference_id":"GHSA-jrwm-pr9x-cgq3","reference_type":"","scores":[],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-jrwm-pr9x-cgq3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150225?format=json","purl":"pkg:composer/mautic/core@4.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.3.0"}],"aliases":["CVE-2021-27914","GHSA-jrwm-pr9x-cgq3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-puaz-79mc-4bc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42547?format=json","vulnerability_id":"VCID-qhxy-1kmh-wyh2","summary":"Improper regex in htaccess file\nThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25769","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30353","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30428","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25769"},{"reference_url":"https://github.com/advisories/GHSA-mj6m-246h-9w56","reference_id":"GHSA-mj6m-246h-9w56","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mj6m-246h-9w56"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56","reference_id":"GHSA-mj6m-246h-9w56","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T18:10:59Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-mj6m-246h-9w56"},{"reference_url":"https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic","reference_id":"mautic-4-2-one-small-step-mautic","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T18:10:59Z/"}],"url":"https://www.mautic.org/blog/community/mautic-4-2-one-small-step-mautic"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60825?format=json","purl":"pkg:composer/mautic/core@3.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/60826?format=json","purl":"pkg:composer/mautic/core@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.2.0"}],"aliases":["CVE-2022-25769","GHSA-mj6m-246h-9w56","GMS-2022-182"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhxy-1kmh-wyh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55872?format=json","vulnerability_id":"VCID-sd7d-573z-n7dk","summary":"Duplicate Advisory: Mautic has insufficient authentication in upgrade flow\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-qf6m-6m4g-rmrc. This link is maintained to preserve external references.\n\n# Original Description\nMautic allows you to update the application via an upgrade script.\n\nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.\n\nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.","references":[{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25770","reference_id":"CVE-2022-25770","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25770"},{"reference_url":"https://github.com/advisories/GHSA-5hc5-fxr9-5frc","reference_id":"GHSA-5hc5-fxr9-5frc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5hc5-fxr9-5frc"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc","reference_id":"GHSA-qf6m-6m4g-rmrc","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H"},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82702?format=json","purl":"pkg:composer/mautic/core@4.4.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13"},{"url":"http://public2.vulnerablecode.io/api/packages/82703?format=json","purl":"pkg:composer/mautic/core@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1"}],"aliases":["GHSA-5hc5-fxr9-5frc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sd7d-573z-n7dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50398?format=json","vulnerability_id":"VCID-swy6-81uq-4kcs","summary":"Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting\nThis advisory addresses a SQL Injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timeline where the parameter responsible for determining the sort direction was not strictly validated against an allowlist, potentially allowing authenticated users to inject arbitrary SQL commands via the API.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3105","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15977","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3105"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/releases/tag/5.2.10","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/releases/tag/5.2.10"},{"reference_url":"https://github.com/mautic/mautic/releases/tag/6.0.8","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/releases/tag/6.0.8"},{"reference_url":"https://github.com/mautic/mautic/releases/tag/7.0.1","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/releases/tag/7.0.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3105","reference_id":"CVE-2026-3105","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3105"},{"reference_url":"https://github.com/advisories/GHSA-r5j5-q42h-fc93","reference_id":"GHSA-r5j5-q42h-fc93","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r5j5-q42h-fc93"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93","reference_id":"GHSA-r5j5-q42h-fc93","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T20:02:03Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-r5j5-q42h-fc93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74286?format=json","purl":"pkg:composer/mautic/core@5.2.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.2.10"},{"url":"http://public2.vulnerablecode.io/api/packages/74287?format=json","purl":"pkg:composer/mautic/core@6.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@6.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/74288?format=json","purl":"pkg:composer/mautic/core@7.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@7.0.1"}],"aliases":["CVE-2026-3105","GHSA-r5j5-q42h-fc93"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swy6-81uq-4kcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41375?format=json","vulnerability_id":"VCID-trhp-bjp1-57ey","summary":"Cross-site Scripting\nInsufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. An attacker with access to the bounce management callback function (identified with the Mailjet webhook, but it is assumed this will work uniformly across all kinds of webhooks) can inject arbitrary JavaScript Code into the `error` and `error_related_to` parameters of the POST request (`POST /mailer/<product / webhook>/callback`). It is noted that there is no authentication needed to access this function. The JavaScript Code is stored permanently in the web application and executed every time an authenticated user views the details page of a single contact / lead in Mautic. This means, arbitrary code can be executed to, e.g., steal or tamper with information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27910","reference_id":"","reference_type":"","scores":[{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63253","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00435","scoring_system":"epss","scoring_elements":"0.63209","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27910"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27910.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mautic/core/CVE-2021-27910.yaml"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/e6a405975342f3cf86aa71927618d31d25135fa3","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/e6a405975342f3cf86aa71927618d31d25135fa3"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-86pv-95mj-7w5f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27910","reference_id":"CVE-2021-27910","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27910"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58816?format=json","purl":"pkg:composer/mautic/core@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/58815?format=json","purl":"pkg:composer/mautic/core@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19zs-w8hs-abdm"},{"vulnerability":"VCID-1x5b-am33-mkh4"},{"vulnerability":"VCID-2e51-qg2k-vqhd"},{"vulnerability":"VCID-3agv-evyh-k3hk"},{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-5dp5-sahm-affj"},{"vulnerability":"VCID-8h2f-f8zx-wbfn"},{"vulnerability":"VCID-9kw2-q4ek-jugf"},{"vulnerability":"VCID-9t6r-g255-zbdq"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-bdse-4ypf-abe3"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-e29q-5hg5-cfdq"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-mbfx-4u6j-ybfp"},{"vulnerability":"VCID-n3p3-jsyf-wuf5"},{"vulnerability":"VCID-puaz-79mc-4bc6"},{"vulnerability":"VCID-qhxy-1kmh-wyh2"},{"vulnerability":"VCID-sd7d-573z-n7dk"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-whnz-qj59-vkgz"},{"vulnerability":"VCID-wny3-utyg-pqha"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.0.0"}],"aliases":["CVE-2021-27910","GHSA-86pv-95mj-7w5f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trhp-bjp1-57ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55864?format=json","vulnerability_id":"VCID-wny3-utyg-pqha","summary":"Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)\nWith access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47058","reference_id":"","reference_type":"","scores":[{"value":"0.00186","scoring_system":"epss","scoring_elements":"0.40273","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-47058"},{"reference_url":"https://github.com/mautic/mautic","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic"},{"reference_url":"https://github.com/mautic/mautic/commit/344b908ef690283e7d8d3fc5cc1327396a1c3046","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/344b908ef690283e7d8d3fc5cc1327396a1c3046"},{"reference_url":"https://github.com/mautic/mautic/commit/88153a15b3cea331b7036d956b880c69e81a0032","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mautic/mautic/commit/88153a15b3cea331b7036d956b880c69e81a0032"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47058","reference_id":"CVE-2024-47058","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47058"},{"reference_url":"https://github.com/advisories/GHSA-xv68-rrmw-9xwf","reference_id":"GHSA-xv68-rrmw-9xwf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv68-rrmw-9xwf"},{"reference_url":"https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf","reference_id":"GHSA-xv68-rrmw-9xwf","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:03Z/"}],"url":"https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82702?format=json","purl":"pkg:composer/mautic/core@4.4.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@4.4.13"},{"url":"http://public2.vulnerablecode.io/api/packages/82703?format=json","purl":"pkg:composer/mautic/core@5.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q5j-jj2b-t7de"},{"vulnerability":"VCID-6yv4-1yes-hkfs"},{"vulnerability":"VCID-9upf-7u9p-hkaa"},{"vulnerability":"VCID-a3qv-sg57-gfd4"},{"vulnerability":"VCID-ckj2-3ujt-fbhz"},{"vulnerability":"VCID-f8d8-kqpm-ekhc"},{"vulnerability":"VCID-fa5a-r46u-nbfm"},{"vulnerability":"VCID-g21m-aehf-wkfw"},{"vulnerability":"VCID-hj6u-3g1s-97bm"},{"vulnerability":"VCID-jxs8-apn6-dbfd"},{"vulnerability":"VCID-qz5x-pz9p-93eu"},{"vulnerability":"VCID-s7r1-3b25-bbe6"},{"vulnerability":"VCID-swy6-81uq-4kcs"},{"vulnerability":"VCID-xsmg-dqq4-kqgf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@5.1.1"}],"aliases":["CVE-2024-47058","GHSA-xv68-rrmw-9xwf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wny3-utyg-pqha"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core@2.12.2-beta"}