Security Advisories - mautic/core-lib - Packagist

mautic/core-lib Security Advisories for 5.0.0-rc1 (5)

[HIGH] Mautic has insufficient authentication in upgrade flow

PKSA-ydwx-2n98-5dyf CVE-2024-47051 GHSA-qf6m-6m4g-rmrc

Affected version: >=5.0.0-alpha,<5.1.1|>=1.0.0-beta3,<4.4.13

Reported by:
GitHub
[HIGH] Mautic has an XSS in contact tracking and page hits report

PKSA-krjy-6tb4-skgg CVE-2021-27917 GHSA-xpc5-rr39-v8v2

Affected version: >=5.0.0-alpha,<5.1.1|>=1.0.0-beta4,<4.4.13

Reported by:
GitHub
[MEDIUM] Mautic vulnerable to XSS in contact/company tracking (no authentication)

PKSA-bxhd-1cmh-djg9 CVE-2024-47050 GHSA-73gr-32wg-qhh7

Affected version: >=5.0.0-alpha,<5.1.1|>=2.6.0,<4.4.13

Reported by:
GitHub
[LOW] Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)

PKSA-81ww-1p5d-6c6k CVE-2024-47058 GHSA-xv68-rrmw-9xwf

Affected version: >=1.0.0-beta,<4.4.13|>=5.0.0-alpha,<5.1.1

Reported by:
GitHub
[HIGH] Mautic vulnerable to Improper Access Control in UI upgrade process

PKSA-j4xy-fb9q-x9h7 CVE-2022-25768 GHSA-x3jx-5w6m-q2fc

Affected version: >=5.0.0-alpha,<5.1.1|>=1.1.3,<4.4.13

Reported by:
GitHub