| Severity | Score | Advisory | Affected versions |
|---|---|---|---|
| CRITICAL | 9.8 | CVE-2018-8092: CSV Injection vulnerability with exported contact lists in Mautic | from 0, < 2.13.0; from 0, < 2.16.5 |
| CRITICAL | 9.6 | Cross-site Scripting vulnerability in Mautic's tracking pixel functionality | from 0, < 4.3.0 |
| CRITICAL | 9.1 | Mautic allows Remote Code Execution and File Deletion in Asset Uploads | from 0, < 5.2.3 |
| CRITICAL | 9.0 | Mautic stored Cross-site Scripting (XSS) | from 0, < 3.2.4 |
| CRITICAL | 9.0 | Mautic stored Cross-site Scripting (XSS) | >= 3.2.0, < 3.2.4 |
| HIGH | 8.8 | Mautic Cross-Site Request Forgery (CSRF) | |
| HIGH | 8.3 | Mautic Sensitive Data Exposure due to inadequate user permission settings | >= 1.0.2, < 4.4.12 |
| HIGH | 8.3 | XSS vulnerability on contacts view | from 0, < 3.3.4 |
| HIGH | 8.2 | Stored XSS vulnerability on Bounce Management Callback | from 0, < 3.3.4 |
| HIGH | 8.1 | Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder | >= 3.3.0, < 4.4.12 |
| HIGH | 8.1 | Disabled users able to log in with third party SSO plugin | >= 2.0.0, < 2.12.0 |
| HIGH | 7.8 | Mautic has insufficient authentication in upgrade flow | >= 1.0.0-beta3, < 4.4.13 |
| HIGH | 7.7 | Mautic allows Improper Authorization in Reporting API | >= 1.0.1, < 5.2.3 |
| HIGH | 7.6 | Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting | >= 2.10.0, < 5.2.10 |
| HIGH | 7.6 | Mautic vulnerable to stored cross-site scripting in description field | >= 1.0.0-beta2, < 4.4.12 |
| HIGH | 7.5 | Sensitive Cookie Without HttpOnly and Secure Flag | from 0, < 2.1.1 |
| HIGH | 7.5 | Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID | from 0, < 2.13.0 |
| HIGH | 7.3 | Mautic has an XSS in contact tracking and page hits report | >= 1.0.0-beta4, < 4.4.13 |
| HIGH | 7.1 | XSS vulnerability on asset view | from 0, < 3.3.4 |
| HIGH | 7.0 | Mautic vulnerable to Improper Access Control in UI upgrade process | >= 1.1.3, < 4.4.13 |
| MEDIUM | 6.6 | Mautic SQL Injection in dynamic Reports | >= 2.14.1, < 4.4.12 |
| MEDIUM | 6.5 | Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure | >= 4.0.0, < 4.4.16 |
| MEDIUM | 6.5 | Mautic: MST-48 Server-Side Request Forgery in Asset section | >= 1.0.0-beta4, < 4.4.12 |
| MEDIUM | 6.5 | Mautic users able to download any files from server using filemanager | >= 1.0.0, < 2.12.0 |
| MEDIUM | 6.3 | XSS vulnerability on password reset page | from 0, < 3.3.4 |
| MEDIUM | 6.1 | Mautic Cross Site Scripting (XSS) vulnerability | from 0, < 2.14.2 |
| MEDIUM | 6.1 | XSS vulnerability in company name field in Mautic | from 0, < 2.14.0 |
| MEDIUM | 6.1 | Inline JS XSS vulnerability in Mautic | >= 2.1.0, < 2.12.0 |
| MEDIUM | 6.1 | XSS vulnerability in theme config file in Mautic | from 0, < 2.13.0 |
| MEDIUM | 6.1 | XSS vulnerability in Author URL of themes in Mautic | >= 2.13.1, < 2.14.0 |
| MEDIUM | 5.9 | Mautic Vulnerable to User Enumeration via Response Timing | >= 4.4.0, < 4.4.17 |
| MEDIUM | 5.8 | Mautic vulnerable to secret data exfiltration via symfony parameters | from 0, < 3.3.2 |
| MEDIUM | 5.5 | Mautic vulnerable to secret data extraction via elfinder | >= 4.4.0, < 4.4.17 |
| MEDIUM | 5.4 | Mautic has an Open Redirect vulnerability on user unlock path | >= 1.0.0, < 4.4.16 |
| MEDIUM | 5.4 | Mautic vulnerable to XSS in contact/company tracking (no authentication) | >= 2.6.0, < 4.4.13 |
| MEDIUM | 5.3 | Mautic allows user name enumeration due to response time difference on password reset form | >= 1.0.0, < 4.4.16 |
| MEDIUM | 5.1 | Mautic does not shield .env files from web traffic | >= 4.4.0, < 4.4.16 |
| MEDIUM | 4.8 | Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) | >= 5.0.0-alpha, < 5.1.1 |
| MEDIUM | 4.8 | Mautic vulnerable to cross-site scripting in notifications via saving Dashboards | from 0, < 4.4.12 |
| MEDIUM | 4.3 | Mautic segment cloning doesn't have a proper permission check | >= 5.0.0-alpha, < 5.2.6 |
| MEDIUM | 4.3 | Mautic allows Relative Path Traversal in assets file upload | from 0, < 5.2.3 |
| MEDIUM | 4.3 | Mautic allows users enumeration due to weak password login | >= 5.1.0, < 5.1.1 |
| LOW | 3.5 | Use of a Broken or Risky Cryptographic Algorithm | from 0, < 3.3.4 |
| LOW | 2.7 | Mautic vulnerable to SSRF via webhook function | >= 4.4.0, < 4.4.17 |
| — | — | Mautic user without privileged access to the Marketplace can install and uninstall composer packages | >= 4.0.0, < 4.4.18 |
| — | — | Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add | >= 4.4.0, < 4.4.17 |
| — | — | Improper regex in htaccess file | from 0, < 3.3.5 |
| — | — | XSS in Mautic | >= 3.0.0, < 3.2.4 |
| — | — | XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic | >= 3.0.0, < 3.2.4 |