Search Results
- Keyword (text search): cpe:2.3:a:mautic:mautic:-:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-35129 | Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account. Published: January 19, 2021; 9:15:12 AM -0500 | V4.0: (not available); V3.1: 9.0 CRITICAL; V2.0: 6.0 MEDIUM |
CVE-2018-8092 | Mautic before 2.13.0 allows CSV injection. Published: April 18, 2018; 4:29:00 AM -0400 | V4.0: (not available); V3.0: 9.8 CRITICAL; V2.0: 7.5 HIGH |
CVE-2018-8071 | Mautic before v2.13.0 has stored XSS via a theme config file. Published: April 18, 2018; 4:29:00 AM -0400 | V4.0: (not available); V3.0: 6.1 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2017-1000506 | Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code. Published: February 09, 2018; 6:29:00 PM -0500 | V4.0: (not available); V3.0: 6.1 MEDIUM; V2.0: 4.3 MEDIUM |
CVE-2017-1000046 | Mautic 2.6.1 and earlier fails to set flags on session cookies. Published: July 17, 2017; 9:18:17 AM -0400 | V4.0: (not available); V3.0: 7.5 HIGH; V2.0: 5.0 MEDIUM |