📦 Mautic
by Acquia
🔍 What is Mautic?
Description coming soon...
🛡️ Security Overview
⚠️ Known Vulnerabilities
This CVE addresses two critical vulnerabilities in Mautic versions before 5.2.3: a Remote Code Execution (RCE) via asset upload that allows authenticated users to upload executable PHP files, and a Pa...
This is a cross-site scripting (XSS) vulnerability in Mautic's forms component that allows attackers to inject malicious JavaScript via the mautic[return] parameter. It affects all Mautic instances be...
This cross-site scripting (XSS) vulnerability in Mautic allows attackers to inject malicious JavaScript via the Referer header when downloading assets. Successful exploitation enables session hijackin...
CVE-2020-35128 is a stored cross-site scripting (XSS) vulnerability in Mautic that allows attackers with company management permissions to inject malicious scripts, potentially compromising other user...
This SQL injection vulnerability in Mautic's API endpoint allows authenticated users to inject arbitrary SQL commands via the sort direction parameter. Attackers could potentially read, modify, or del...
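The sort-direction injection above is the classic case where a bound parameter cannot help, because `ORDER BY` takes identifiers, not values. The following is an added example, not Mautic's own code: a vulnerable builder that concatenates the request parameter into the query text next to a hardened one that maps both the column and the direction through an allow-list. The table, column names and function names are assumptions chosen for illustration; PHP 8 is assumed.

```php
<?php
// Added example (not Mautic's code): user-controlled ORDER BY.
// Table name, column list and helper names are assumptions.

declare(strict_types=1);

const ALLOWED_ORDER_COLUMNS    = ['id', 'email', 'date_added'];
const ALLOWED_ORDER_DIRECTIONS = ['ASC', 'DESC'];

/** Vulnerable: whatever arrives in the "direction" parameter becomes SQL text. */
function buildOrderByVulnerable(string $column, string $direction): string
{
    return "SELECT id, email FROM contacts ORDER BY $column $direction";
}

/**
 * Hardened: identifiers cannot be bound as PDO placeholders, so the control
 * is an allow-list. Anything not on it is rejected rather than "escaped".
 */
function buildOrderBySafe(string $column, string $direction): string
{
    if (!in_array($column, ALLOWED_ORDER_COLUMNS, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    $direction = strtoupper($direction);
    if (!in_array($direction, ALLOWED_ORDER_DIRECTIONS, true)) {
        throw new InvalidArgumentException('unsupported sort direction');
    }
    return "SELECT id, email FROM contacts ORDER BY `$column` $direction";
}

// Constructed attacker value for the sort-direction parameter: a second
// ORDER BY expression that lets the database evaluate arbitrary SQL.
$payload = 'ASC, (SELECT SLEEP(5))';

echo buildOrderByVulnerable('id', $payload), PHP_EOL;

try {
    echo buildOrderBySafe('id', $payload), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

echo buildOrderBySafe('email', 'desc'), PHP_EOL;
```

The same allow-list belongs on any other identifier a request can influence (table names, column lists, `LIMIT` values cast to int); the check is cheap and, unlike escaping, does not depend on the database driver's quoting rules.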
This stored cross-site scripting (XSS) vulnerability in Mautic allows attackers to inject malicious scripts into contact tracking and page hits reports. When users view these reports, the scripts exec...
CVE-2022-25769 is an improper access control vulnerability in Mautic's .htaccess file that allows attackers to execute arbitrary PHP files by bypassing filename restrictions. This affects Mautic insta...
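For a deployment that serves uploaded assets through Apache, the usual hardening is to make the upload directory refuse to execute PHP regardless of what name a file was saved under. The fragment below is an added example, not Mautic's own `.htaccess`; it would be placed in the upload directory, and the handler module name and Apache 2.4 `Require` syntax are assumptions about the server.

```apache
# Added example, not Mautic's .htaccess. Place in the directory that receives uploads.
# Assumes Apache 2.4 (Require) and, for the second block, PHP running as mod_php.

# mod_mime treats every dotted segment as an extension, so "shell.php.jpg" can still
# be routed to the PHP handler. Match a PHP-like extension anywhere in the name,
# not only at the end, and refuse to serve the file at all.
<FilesMatch "\.(php[0-9]?|phtml|phar|phps)(\.|$)">
    Require all denied
</FilesMatch>

# Second line of defence when PHP is an Apache module: even a file that slips
# past the name check is served as bytes, never executed.
# (The module is named mod_php7.c on PHP 7; the guard avoids a 500 under PHP-FPM,
# where php_flag is not a valid directive.)
<IfModule mod_php.c>
    php_flag engine off
</IfModule>
```

Under PHP-FPM the equivalent control is the handler mapping itself: the upload location should simply have no `SetHandler` or `ProxyPassMatch` that forwards `.php` requests to the FPM socket.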
CVE-2022-25776 is an authorization bypass vulnerability in Mautic where authenticated users can access unauthorized application areas. This allows unauthorized access to sensitive data including names...
CVE-2021-27916 is a path traversal vulnerability in Mautic's GrapesJS builder that allows authenticated users to delete arbitrary files outside intended directories. This affects all Mautic instances ...
CVE-2021-27915 is a cross-site scripting (XSS) vulnerability in Mautic's description fields that allows authenticated users with appropriate permissions to inject malicious scripts. If exploited, this...
CVE-2021-27910 is a stored cross-site scripting (XSS) vulnerability in Mautic's bounce management callback function. Attackers can inject malicious JavaScript via unauthenticated POST requests, which ...
This vulnerability allows authenticated Mautic users with asset creation/edit permissions to inject malicious JavaScript into asset titles. When other users view these assets, the JavaScript executes ...
This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Mautic's segment cloning functionality. Any authenticated user can clone segments without proper authorization checks, ev...
CVE-2022-25773 is a path traversal vulnerability in Mautic's asset upload functionality that allows authenticated users to upload files to directories outside the intended temporary directory. This af...
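The two path-traversal entries above are the two shapes the bug takes: deleting a file that already exists (the GrapesJS case) and creating one that does not yet exist (the asset-upload case). The code below is an added example, not Mautic's own, showing a containment check for each. It builds a throwaway directory tree under the system temp directory so it runs offline; the directory layout, file names and function names are constructed for illustration, and PHP 8 is assumed.

```php
<?php
// Added example (not Mautic's code): path containment for delete and upload.
// Directory layout, file names and helper names are constructed assumptions.

declare(strict_types=1);

/** Delete case: true only if $target resolves to a file strictly inside $baseDir. */
function isInsideDirectory(string $baseDir, string $target): bool
{
    $base = realpath($baseDir);
    $real = realpath($target);            // false for a path that does not exist
    if ($base === false || $real === false) {
        return false;
    }
    // Compare with the separator so "/srv/media" does not match "/srv/media2/x".
    return str_starts_with($real, $base . DIRECTORY_SEPARATOR);
}

/** Upload case: absolute path the new file may be written to, or null if rejected. */
function resolveUploadPath(string $baseDir, string $userName): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $name = rawurldecode($userName);      // %2e%2e%2f and %00 arrive encoded
    if ($name === '' || $name === '.' || $name === '..' || str_contains($name, "\0")) {
        return null;
    }
    // A single file name must have no directory component at all, on either separator.
    if ($name !== basename($name) || str_contains($name, '\\')) {
        return null;
    }
    $candidate = $base . DIRECTORY_SEPARATOR . $name;
    // The file does not exist yet, so verify the parent directory instead.
    return realpath(dirname($candidate)) === $base ? $candidate : null;
}

// Constructed layout: <tmp>/media/tmp is the allowed directory, <tmp>/config is not.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'traversal-demo-' . getmypid();
mkdir("$root/media/tmp", 0700, true);
mkdir("$root/config", 0700, true);
file_put_contents("$root/media/tmp/logo.png", 'png');
file_put_contents("$root/config/local.php", '<?php // constructed secret');

$allowed = "$root/media/tmp";

foreach (['logo.png', '../../config/local.php', './logo.png'] as $name) {
    $verdict = isInsideDirectory($allowed, "$allowed/$name") ? 'allowed' : 'blocked';
    printf("delete %-26s -> %s\n", $name, $verdict);
}

foreach (['report.pdf', '../../config/local.php', '%2e%2e%2fowned.php', 'x%00.php'] as $name) {
    printf("upload %-26s -> %s\n", $name, resolveUploadPath($allowed, $name) ?? 'blocked');
}

// Tidy up the constructed tree.
foreach (["$root/media/tmp/logo.png", "$root/config/local.php"] as $f) {
    unlink($f);
}
foreach (["$root/media/tmp", "$root/media", "$root/config", $root] as $d) {
    rmdir($d);
}
```

The point of using `realpath()` on both sides is that symlinks and `..` segments are resolved by the filesystem, not by string matching; a check that only searches the raw input for `../` misses encoded and backslash variants and is exactly the kind of filter these two entries describe being bypassed.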
This vulnerability allows attackers to inject malicious scripts into Mautic's tracking functionality through the Page URL variable. When exploited, these scripts execute in victims' browsers, potentia...
CVE-2022-25777 is a Server-Side Request Forgery (SSRF) vulnerability in Mautic that allows authenticated users to read system files and access internal network addresses. This affects all Mautic insta...
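An SSRF that reaches both local files and internal addresses is usually an outbound fetch that accepts any URL. The following is an added example, not Mautic's own code, of the check a fetcher should run first: restrict the scheme, refuse embedded credentials, resolve the host, and reject any answer in a private, loopback or link-local range. The resolver is injected so the example runs offline against a constructed DNS table; the hostnames, addresses and function names are assumptions, and PHP 8 is assumed.

```php
<?php
// Added example (not Mautic's code): outbound URL validation against SSRF.
// Hostnames, addresses and the resolver table below are constructed assumptions.

declare(strict_types=1);

/**
 * Returns null if $url may be fetched, otherwise the reason it was refused.
 * $resolve maps a hostname to its IP addresses (gethostbynamel() in production).
 */
function ssrfCheck(string $url, callable $resolve): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'])) {
        return 'unparseable URL';
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return 'scheme not allowed';              // file://, gopher://, php:// ...
    }
    if (!isset($parts['host'])) {
        return 'missing host';
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return 'userinfo not allowed';            // http://trusted.example@10.0.0.5/
    }
    $host = strtolower(trim($parts['host'], '[]'));

    // A literal IP is checked directly; a hostname is resolved first, because the
    // DNS answer, not the name, decides where the connection goes.
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : ($resolve($host) ?: []);
    if ($ips === []) {
        return 'host does not resolve';
    }
    foreach ($ips as $ip) {
        // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16 and IPv6 ULA.
        // NO_RES_RANGE: 127/8, 169.254/16, 0/8, 240/4, ::1, fe80::/10 and others.
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return "resolves to non-public address $ip";
        }
    }
    return null;
}

// Constructed DNS table standing in for gethostbynamel().
$fakeDns = static fn (string $host): array => [
    'example.com'     => ['93.184.216.34'],
    'intranet.local'  => ['10.0.0.5'],
    'rebind.attacker' => ['203.0.113.7', '127.0.0.1'],   // one public, one loopback answer
][$host] ?? [];

foreach ([
    'https://example.com/webhook',
    'http://intranet.local/admin',
    'http://169.254.169.254/latest/meta-data/',
    'http://[::1]/',
    'file:///etc/passwd',
    'http://example.com@10.0.0.5/',
    'https://rebind.attacker/',
] as $url) {
    printf("%-45s %s\n", $url, ssrfCheck($url, $fakeDns) ?? 'ok');
}
```

Two caveats a practitioner will want: the check and the fetch must use the same address (connect to the IP that was validated and send the hostname in the `Host` header, or the attacker can change the DNS answer between the two, which is the rebinding case in the table), and redirects must be re-validated hop by hop, since a public host is free to 302 to `http://127.0.0.1/`.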
CVE-2022-25775 is an SQL injection vulnerability in Mautic's Reports bundle that allows authenticated users to execute arbitrary SQL queries. This affects all Mautic instances with vulnerable versions...