Security Advisories - mautic/core - Packagist

mautic/core Security Advisories for 4.4.1 (12)

[HIGH] Mautic has insufficient authentication in upgrade flow

PKSA-gfhc-2ry6-vg76 CVE-2022-25770 GHSA-5hc5-fxr9-5frc

Affected version: >=5.0.0,<5.1.1|>=1.0.0-beta3,<4.4.13

Reported by:
GitHub
[HIGH] Mautic has insufficient authentication in upgrade flow

PKSA-zrpx-tjt4-ctvz CVE-2024-47051 GHSA-qf6m-6m4g-rmrc

Affected version: >=5.0.0-alpha,<5.1.1|>=1.0.0-beta3,<4.4.13

Reported by:
GitHub
[HIGH] Mautic has an XSS in contact tracking and page hits report

PKSA-39c1-mjv2-cwmh CVE-2021-27917 GHSA-xpc5-rr39-v8v2

Affected version: >=5.0.0-alpha,<5.1.1|>=1.0.0-beta4,<4.4.13

Reported by:
GitHub
[MEDIUM] Mautic vulnerable to XSS in contact/company tracking (no authentication)

PKSA-x4f7-yvw2-qxkj CVE-2024-47050 GHSA-73gr-32wg-qhh7

Affected version: >=5.0.0-alpha,<5.1.1|>=2.6.0,<4.4.13

Reported by:
GitHub
[LOW] Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)

PKSA-zw3g-4t7k-356g CVE-2024-47058 GHSA-xv68-rrmw-9xwf

Affected version: >=1.0.0-beta,<4.4.13|>=5.0.0-alpha,<5.1.1

Reported by:
GitHub
[HIGH] Mautic vulnerable to Improper Access Control in UI upgrade process

PKSA-1qjd-2pbn-b37d CVE-2022-25768 GHSA-x3jx-5w6m-q2fc

Affected version: >=5.0.0-alpha,<5.1.1|>=1.1.3,<4.4.13

Reported by:
GitHub
[MEDIUM] Mautic: MST-48 Server-Side Request Forgery in Asset section

PKSA-qbyg-mfvh-bykw CVE-2022-25777 GHSA-mgv8-w49f-822w

Affected version: >=5.0.0-alpha,<5.0.4|>=1.0.0-beta4,<4.4.12

Reported by:
GitHub
[HIGH] Mautic Sensitive Data Exposure due to inadequate user permission settings

PKSA-h1nj-n1bm-2hgs CVE-2022-25776 GHSA-qjx3-2g35-6hv8

Affected version: >=5.0.0-alpha,<5.0.4|>=1.0.2,<4.4.12

Reported by:
GitHub
[MEDIUM] Mautic SQL Injection in dynamic Reports

PKSA-sy5k-g715-pnjy CVE-2022-25775 GHSA-jj6w-2cqg-7p94

Affected version: >=5.0.0-alpha,<5.0.4|>=2.14.1,<4.4.12

Reported by:
GitHub
[HIGH] Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder

PKSA-xg8c-5dhf-6tcn CVE-2021-27916 GHSA-9fcx-cv56-w58p

Affected version: >=5.0.0-alpha,<5.0.4|>=3.3.0,<4.4.12

Reported by:
GitHub
[MEDIUM] Mautic vulnerable to cross-site scripting in notifications via saving Dashboards

PKSA-47j7-7fkf-jb1b CVE-2022-25774 GHSA-fhcx-f7jg-jx3f

Affected version: <4.4.12

Reported by:
GitHub
[HIGH] Mautic vulnerable to stored cross-site scripting in description field

PKSA-y6pk-4xsd-p383 CVE-2021-27915 GHSA-2rc5-2755-v422

Affected version: >=1.0.0-beta2,<4.4.12

Reported by:
GitHub