Packagist (Composer) package
mautic/core-lib
pkg:composer/mautic/core-lib
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25770 | — | >= 1.0.0-beta3, < 4.4.13 | 4.4.13 | Sep 18, 2024 | Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable. | ||
| CVE-2021-27917 | — | >= 1.0.0-beta4, < 4.4.13 | 4.4.13 | Sep 18, 2024 | Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. | ||
| CVE-2024-47050 | — | >= 2.6.0, < 4.4.13 | 4.4.13 | Sep 18, 2024 | Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. | ||
| CVE-2024-47058 | — | >= 5.0.0-alpha, < 5.1.1 | 5.1.1 | Sep 18, 2024 | With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session. | ||
| CVE-2022-25768 | — | >= 1.1.3, < 4.4.13 | 4.4.13 | Sep 18, 2024 | The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of t |
- CVE-2022-25770Sep 18, 2024affected >= 1.0.0-beta3, < 4.4.13fixed 4.4.13
Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable.
- CVE-2021-27917Sep 18, 2024affected >= 1.0.0-beta4, < 4.4.13fixed 4.4.13
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
- CVE-2024-47050Sep 18, 2024affected >= 2.6.0, < 4.4.13fixed 4.4.13
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
- CVE-2024-47058Sep 18, 2024affected >= 5.0.0-alpha, < 5.1.1fixed 5.1.1
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.
- CVE-2022-25768Sep 18, 2024affected >= 1.1.3, < 4.4.13fixed 4.4.13
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mautic version number or to execute parts of t