Mautic Core vulnerabilities
49 known vulnerabilities affecting mautic/core.
Total CVEs: 49
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 7 | HIGH 13 | MEDIUM 27 | LOW 2
Vulnerabilities
Page 2 of 3
CVE-2018-10189 [HIGH] CWE-200 Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
P3 | Affected: ≥ 0, < 2.13.0 | 2021-01-19
### Impact
An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked
CVE-2022-25776 [HIGH] CWE-276 Mautic Sensitive Data Exposure due to inadequate user permission settings
P4 | Affected: ≥ 1.0.2, < 4.4.12; ≥ 5.0.0-alpha, < 5.0.4 | 2024-04-12
### Impact
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such as names and surnames, company names and stage names.
### Patches
Update to 4.4.12 and 5.0.4
### Workarounds
N
CVE-2025-9822 [MEDIUM] CWE-283 Mautic vulnerable to secret data extraction via elfinder
P4 | Affected: ≥ 4.4.0, < 4.4.17; ≥ 5.0.0-alpha, < 5.2.8; +1 more | 2025-09-03
### Summary
_A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available._
### Impact
_An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them._
CVE-2022-25773 [MEDIUM] CWE-22 Mautic allows Relative Path Traversal in assets file upload
P4 | Affected: ≥ 0, < 5.2.3 | 2025-02-26
### Summary
This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.
* **Improper Limitation of a Pathname to a Restricted Directory:** A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended te
CVE-2024-47057 [MEDIUM] CWE-203 Mautic allows user name enumeration due to response time difference on password reset form
P4 | Affected: ≥ 1.0.0, < 4.4.16; ≥ 5.0.0-alpha, < 5.2.6; +1 more | 2025-05-28
### Summary
This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.
User Enumeration via Timing Attack: A user enumeration vulnerabili
CVE-2025-9824 [MEDIUM] CWE-204 Mautic Vulnerable to User Enumeration via Response Timing
P4 | Affected: ≥ 4.4.0, < 4.4.17; ≥ 5.0.0-alpha, < 5.2.8; +1 more | 2025-09-03
### Impact
An attacker can determine whether a user exists by measuring how long the login request takes to return. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks.
### Patches
This vulnerability has been patched, implementing a timing-safe form login authenticator that ensures consistent response tim
CVE-2017-1000046 [HIGH] CWE-614 Sensitive Cookie Without HttpOnly and Secure Flag
P4 | Affected: ≥ 0, < 2.1.1 | 2022-05-13
Mautic prior to 2.1.1 fails to set the HttpOnly and Secure flags on session cookies.
CVE-2021-27910 [HIGH] CWE-79 Stored XSS vulnerability on Bounce Management Callback
P4 | Affected: ≥ 0, < 3.3.4; ≥ 4.0.0-alpha1, < 4.0.0 | 2021-09-01
### Impact
Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is ope
CVE-2025-5256 [MEDIUM] CWE-601 Mautic has an Open Redirect vulnerability on user unlock path
P4 | Affected: ≥ 1.0.0, < 4.4.16; ≥ 5.0.0-alpha, < 5.2.6; +1 more | 2025-05-28
### Summary
This advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits.
Open Redirection via `returnUrl` Parameter: An Open Redi
CVE-2018-11198 [MEDIUM] CWE-79 XSS vulnerability in Author URL of themes in Mautic
P4 | Affected: ≥ 2.13.1, < 2.14.0 | 2021-01-19
### Impact
An XSS vulnerability was discovered in Mautic 2.13.1 in the Author URL of themes.
### Patches
Update to 2.14 or later
### Workarounds
None
### References
https://github.com/mautic/mautic/releases/tag/2.14.0
### For more information
If you have any questions or comments about this advisory:
* Email us at [[email protected]](mailto:security@mautic
CVE-2018-11200 [MEDIUM] CWE-79 XSS vulnerability in company name field in Mautic
P4 | Affected: ≥ 0, < 2.14.0 | 2021-01-19
### Impact
Mautic version 2.11.0 and earlier contains a Cross-Site Scripting (XSS) vulnerability in the company name field that can result in denial of service and execution of JavaScript code.
### Patches
Update to 2.14.0 or later.
### Workarounds
None.
### For more information
If you have any questions or comments about this advisory:
* Email us at [[email protected]
CVE-2022-25774 [MEDIUM] CWE-79 Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
P4 | Affected: ≥ 0, < 4.4.12 | 2024-04-12
### Impact
Prior to the patched version, logged-in users of Mautic are vulnerable to a self-XSS vulnerability in the notifications within Mautic.
Users could inject malicious code into the notification when saving Dashboards.
### Patches
Update to Mautic 4.4.12.
### Workarounds
None
### References
- h
CVE-2021-27917 [MEDIUM] CWE-79 Mautic has an XSS in contact tracking and page hits report
P4 | Affected: ≥ 1.0.0-beta4, < 4.4.13; ≥ 5.0.0-alpha, < 5.1.1 | 2024-09-18
### Summary
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
### Patches
Please update to 4.4.13 or 5.1.1 or later.
### Workarounds
None
### References
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)
https://owasp.org/www-project-web-security-testing-guide/latest/
CVE-2018-8071 [MEDIUM] CWE-79 XSS vulnerability in theme config file in Mautic
P4 | Affected: ≥ 0, < 2.13.0 | 2021-01-19
### Impact
Mautic before v2.13.0 has stored XSS via a theme config file.
### Patches
Update to 2.13.0 or later.
### Workarounds
None.
### For more information
If you have any questions or comments about this advisory:
* Email us at [[email protected]](mailto:[email protected])
CVE-2021-27911 [HIGH] CWE-79 XSS vulnerability on contacts view
P4 | Affected: ≥ 0, < 3.3.4; ≥ 4.0.0-alpha1, < 4.0.0 | 2021-09-01
### Impact
Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name. It is triggered when viewing a contact's details page, opening the action drop-down and hovering over the Campaigns button. Contact first and last names can be populated from different sources such as the UI, the API, third-party syncing, forms, etc.
### Patches
Upgrade to 3
CVE-2021-27912 [HIGH] CWE-79 XSS vulnerability on asset view
P4 | Affected: ≥ 0, < 3.3.4; ≥ 4.0.0-alpha1, < 4.0.0 | 2021-09-01
### Impact
Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.
### Patches
Upgrade to 3.3.4 or 4.0.0
### Workarounds
No
### References
https://github.com/mautic/mautic/re
CVE-2017-1000488 [MEDIUM] CWE-79 Inline JS XSS vulnerability in Mautic
P4 | Affected: ≥ 2.1.0, < 2.12.0 | 2021-01-19
### Impact
Mautic versions 2.1.0 through 2.11.0 are vulnerable to an inline JS XSS attack when Mautic forms on a Mautic landing page use GET parameters to pre-populate the form.
### Patches
Upgrade to 2.12.0 or later.
### Workarounds
None
### References
https://github.com/mautic/mautic/releases/tag/2.12.0
### For more information
If you have any questions or comments about this advi
CVE-2024-47050 [MEDIUM] CWE-79 Mautic vulnerable to XSS in contact/company tracking (no authentication)
P4 | Affected: ≥ 2.6.0, < 4.4.13; ≥ 5.0.0-alpha, < 5.1.1 | 2024-09-18
## Summary
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
## Patches
Please update to 4.4.13 or 5.1.1 or later.
## Workarounds
None
## References
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)
https://owasp.org/w
CVE-2025-9823 [MEDIUM] CWE-79 Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add
P4 | Affected: ≥ 4.4.0, < 4.4.17; ≥ 5.0.0-alpha, < 5.2.8; +1 more | 2025-09-03
## Summary
A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious actions such as session hijackin
CVE-2024-47056 [MEDIUM] CWE-312 Mautic does not shield .env files from web traffic
P4 | Affected: ≥ 4.4.0, < 4.4.16; ≥ 5.0.0-alpha, < 5.2.6; +1 more | 2025-05-28
### Summary
This advisory addresses a security vulnerability in Mautic where sensitive `.env` configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations.
Sensitive Information Disclosure via `.env` File Ex