Lookup for vulnerable packages by Package URL.

Purl pkg:composer/mautic/core-lib@4.3.0-rc
Type composer
Namespace mautic
Name core-lib
Version 4.3.0-rc
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.4.13
Latest_non_vulnerable_version 5.1.1
Affected_by_vulnerabilities
0
url VCID-19zs-w8hs-abdm
vulnerability_id VCID-19zs-w8hs-abdm
summary
Mautic vulnerable to Improper Access Control in UI upgrade process
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of the upgrade process without permission. As upgrading in the user interface is deprecated, this functionality is no longer required.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25768
reference_id
reference_type
scores
0
value 0.00369
scoring_system epss
scoring_elements 0.59149
published_at 2026-06-05T12:55:00Z
1
value 0.00369
scoring_system epss
scoring_elements 0.59101
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25768
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/89f964d06f00688016b38a56dfd9e95fc676c7ce
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/89f964d06f00688016b38a56dfd9e95fc676c7ce
3
reference_url https://github.com/mautic/mautic/commit/925aeee7d3dbb6ca67f92d9dc5893d99250f739b
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/925aeee7d3dbb6ca67f92d9dc5893d99250f739b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25768
reference_id CVE-2022-25768
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25768
5
reference_url https://github.com/advisories/GHSA-x3jx-5w6m-q2fc
reference_id GHSA-x3jx-5w6m-q2fc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x3jx-5w6m-q2fc
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc
reference_id GHSA-x3jx-5w6m-q2fc
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:37Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-x3jx-5w6m-q2fc
fixed_packages
0
url pkg:composer/mautic/core-lib@4.4.13
purl pkg:composer/mautic/core-lib@4.4.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@4.4.13
1
url pkg:composer/mautic/core-lib@5.1.1
purl pkg:composer/mautic/core-lib@5.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@5.1.1
aliases CVE-2022-25768, GHSA-x3jx-5w6m-q2fc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19zs-w8hs-abdm
1
url VCID-1x5b-am33-mkh4
vulnerability_id VCID-1x5b-am33-mkh4
summary
Mautic has insufficient authentication in upgrade flow
Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25770
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.53243
published_at 2026-06-05T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.53181
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25770
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca
3
reference_url https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25770
reference_id CVE-2022-25770
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25770
5
reference_url https://github.com/advisories/GHSA-qf6m-6m4g-rmrc
reference_id GHSA-qf6m-6m4g-rmrc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qf6m-6m4g-rmrc
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
reference_id GHSA-qf6m-6m4g-rmrc
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T14:47:02Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
fixed_packages
0
url pkg:composer/mautic/core-lib@4.4.13
purl pkg:composer/mautic/core-lib@4.4.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@4.4.13
1
url pkg:composer/mautic/core-lib@5.1.1
purl pkg:composer/mautic/core-lib@5.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@5.1.1
aliases CVE-2022-25770, GHSA-qf6m-6m4g-rmrc
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1x5b-am33-mkh4
2
url VCID-2e51-qg2k-vqhd
vulnerability_id VCID-2e51-qg2k-vqhd
summary
Mautic vulnerable to XSS in contact/company tracking (no authentication)
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47050
reference_id
reference_type
scores
0
value 0.01135
scoring_system epss
scoring_elements 0.78733
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47050
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/0f21a3aa9c896788e1986fae0d7f166fc7a14c30
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/0f21a3aa9c896788e1986fae0d7f166fc7a14c30
3
reference_url https://github.com/mautic/mautic/commit/43db5e492c0ef82c917745849d5b454dbc8ca2c4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/43db5e492c0ef82c917745849d5b454dbc8ca2c4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47050
reference_id CVE-2024-47050
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47050
5
reference_url https://github.com/advisories/GHSA-73gr-32wg-qhh7
reference_id GHSA-73gr-32wg-qhh7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-73gr-32wg-qhh7
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7
reference_id GHSA-73gr-32wg-qhh7
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:41:10Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-73gr-32wg-qhh7
fixed_packages
0
url pkg:composer/mautic/core-lib@4.4.13
purl pkg:composer/mautic/core-lib@4.4.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@4.4.13
1
url pkg:composer/mautic/core-lib@5.1.1
purl pkg:composer/mautic/core-lib@5.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@5.1.1
aliases CVE-2024-47050, GHSA-73gr-32wg-qhh7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2e51-qg2k-vqhd
3
url VCID-3q5j-jj2b-t7de
vulnerability_id VCID-3q5j-jj2b-t7de
summary
Mautic has insufficient authentication in upgrade flow
Mautic allows you to update the application via an upgrade script.

The upgrade logic isn't shielded off correctly, which may lead to a vulnerable situation.

This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47051
reference_id
reference_type
scores
0
value 0.01106
scoring_system epss
scoring_elements 0.78462
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47051
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca
reference_id
reference_type
scores
url https://github.com/mautic/mautic/commit/73b18e9a434a28e528fe0e3d03620e7367bdcdca
3
reference_url https://github.com/mautic/mautic/commit/75bc488ce98b9c8ec01114984049fc1c42c0cae5
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/75bc488ce98b9c8ec01114984049fc1c42c0cae5
4
reference_url https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf
reference_id
reference_type
scores
url https://github.com/mautic/mautic/commit/aee7bfb7510a83acf178a7f02da9661c040e9abf
5
reference_url https://owasp.org/www-community/attacks/Code_Injection
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/
url https://owasp.org/www-community/attacks/Code_Injection
6
reference_url https://owasp.org/www-community/attacks/Path_Traversal
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/
url https://owasp.org/www-community/attacks/Path_Traversal
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47051
reference_id CVE-2024-47051
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47051
8
reference_url https://github.com/advisories/GHSA-73gx-x7r9-77x2
reference_id GHSA-73gx-x7r9-77x2
reference_type
scores
url https://github.com/advisories/GHSA-73gx-x7r9-77x2
9
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
reference_id GHSA-73gx-x7r9-77x2
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-26T14:29:14Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-73gx-x7r9-77x2
10
reference_url https://github.com/advisories/GHSA-qf6m-6m4g-rmrc
reference_id GHSA-qf6m-6m4g-rmrc
reference_type
scores
url https://github.com/advisories/GHSA-qf6m-6m4g-rmrc
11
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
reference_id GHSA-qf6m-6m4g-rmrc
reference_type
scores
url https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc
fixed_packages
0
url pkg:composer/mautic/core-lib@4.4.13
purl pkg:composer/mautic/core-lib@4.4.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@4.4.13
1
url pkg:composer/mautic/core-lib@5.1.1
purl pkg:composer/mautic/core-lib@5.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@5.1.1
aliases CVE-2024-47051, GHSA-73gx-x7r9-77x2
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3q5j-jj2b-t7de
4
url VCID-e29q-5hg5-cfdq
vulnerability_id VCID-e29q-5hg5-cfdq
summary
Mautic has an XSS in contact tracking and page hits report
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-27917
reference_id
reference_type
scores
0
value 0.0045
scoring_system epss
scoring_elements 0.6402
published_at 2026-06-05T12:55:00Z
1
value 0.0045
scoring_system epss
scoring_elements 0.63978
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-27917
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/550e33562d03363f7592fa9354259787a23a1d98
3
reference_url https://github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/629165ac905c53bbb44feb5a6dbadb1dfd6d5564
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-27917
reference_id CVE-2021-27917
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-27917
5
reference_url https://github.com/advisories/GHSA-xpc5-rr39-v8v2
reference_id GHSA-xpc5-rr39-v8v2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xpc5-rr39-v8v2
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2
reference_id GHSA-xpc5-rr39-v8v2
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:40:34Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2
fixed_packages
0
url pkg:composer/mautic/core-lib@4.4.13
purl pkg:composer/mautic/core-lib@4.4.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@4.4.13
1
url pkg:composer/mautic/core-lib@5.1.1
purl pkg:composer/mautic/core-lib@5.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@5.1.1
aliases CVE-2021-27917, GHSA-xpc5-rr39-v8v2
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e29q-5hg5-cfdq
5
url VCID-wny3-utyg-pqha
vulnerability_id VCID-wny3-utyg-pqha
summary
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
With access to edit a Mautic form, the attacker can add stored Cross-Site Scripting in the HTML field. This could be used to steal sensitive information from the user's current session.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47058
reference_id
reference_type
scores
0
value 0.00186
scoring_system epss
scoring_elements 0.40273
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47058
1
reference_url https://github.com/mautic/mautic
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic
2
reference_url https://github.com/mautic/mautic/commit/344b908ef690283e7d8d3fc5cc1327396a1c3046
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/344b908ef690283e7d8d3fc5cc1327396a1c3046
3
reference_url https://github.com/mautic/mautic/commit/88153a15b3cea331b7036d956b880c69e81a0032
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mautic/mautic/commit/88153a15b3cea331b7036d956b880c69e81a0032
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47058
reference_id CVE-2024-47058
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-47058
5
reference_url https://github.com/advisories/GHSA-xv68-rrmw-9xwf
reference_id GHSA-xv68-rrmw-9xwf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv68-rrmw-9xwf
6
reference_url https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf
reference_id GHSA-xv68-rrmw-9xwf
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T15:42:03Z/
url https://github.com/mautic/mautic/security/advisories/GHSA-xv68-rrmw-9xwf
fixed_packages
0
url pkg:composer/mautic/core-lib@4.4.13
purl pkg:composer/mautic/core-lib@4.4.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@4.4.13
1
url pkg:composer/mautic/core-lib@5.1.1
purl pkg:composer/mautic/core-lib@5.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@5.1.1
aliases CVE-2024-47058, GHSA-xv68-rrmw-9xwf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wny3-utyg-pqha
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/mautic/core-lib@4.3.0-rc