
Mautic Core vulnerabilities

49 known vulnerabilities affecting mautic/core.

Total CVEs: 49
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 13, MEDIUM 27, LOW 2

Vulnerabilities

Page 2 of 3
Entry header columns: CVE | P | Severity | CWE | Affected versions | Date

CVE-2018-10189 | P3 | HIGH | CWE-200 | ≥ 0, < 2.13.0 | 2021-01-19
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
Impact: An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked

CVE-2022-25776 | P4 | HIGH | CWE-276 | ≥ 1.0.2, < 4.4.12; ≥ 5.0.0-alpha, < 5.0.4 | 2024-04-12
Mautic Sensitive Data Exposure due to inadequate user permission settings
Impact: Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.
Patches: Update to 4.4.12 and 5.0.4
Workarounds: N

CVE-2025-9822 | P4 | MEDIUM | CWE-283 | ≥ 4.4.0, < 4.4.17; ≥ 5.0.0-alpha, < 5.2.8 (+1 more) | 2025-09-03
Mautic vulnerable to secret data extraction via elfinder
Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available.
Impact: An administrator who usually does not have access to certain parameters, such as database credentials, can disclose them.

CVE-2022-25773 | P4 | MEDIUM | CWE-22 | ≥ 0, < 5.2.3 | 2025-02-26
Mautic allows Relative Path Traversal in assets file upload
Summary: This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended te

CVE-2024-47057 | P4 | MEDIUM | CWE-203 | ≥ 1.0.0, < 4.4.16; ≥ 5.0.0-alpha, < 5.2.6 (+1 more) | 2025-05-28
Mautic allows user name enumeration due to response time difference on password reset form
Summary: This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerabili

CVE-2025-9824 | P4 | MEDIUM | CWE-204 | ≥ 4.4.0, < 4.4.17; ≥ 5.0.0-alpha, < 5.2.8 (+1 more) | 2025-09-03
Mautic Vulnerable to User Enumeration via Response Timing
Impact: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks.
Patches: This vulnerability has been patched, implementing a timing-safe form login authenticator that ensures consistent response tim

CVE-2017-1000046 | P4 | HIGH | CWE-614 | ≥ 0, < 2.1.1 | 2022-05-13
Sensitive Cookie Without HttpOnly and Secure Flag
Mautic prior to 2.1.1 fails to set flags on session cookies

CVE-2021-27910 | P4 | HIGH | CWE-79 | ≥ 0, < 3.3.4; ≥ 4.0.0-alpha1, < 4.0.0 | 2021-09-01
Stored XSS vulnerability on Bounce Management Callback
Impact: Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "error_related_to" parameters of the POST request of the bounce management callback will be permanently stored and executed once the details page of an affected lead is ope

CVE-2025-5256 | P4 | MEDIUM | CWE-601 | ≥ 1.0.0, < 4.4.16; ≥ 5.0.0-alpha, < 5.2.6 (+1 more) | 2025-05-28
Mautic has an Open Redirect vulnerability on user unlock path.
Summary: This advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially leading to phishing attacks or the delivery of exploit kits. Open Redirection via `returnUrl` Parameter: An Open Redi

CVE-2018-11198 | P4 | MEDIUM | CWE-79 | ≥ 2.13.1, < 2.14.0 | 2021-01-19
XSS vulnerability in Author URL of themes in Mautic
Impact: An XSS vulnerability was discovered in Mautic 2.13.1 in the Author URL of themes.
Patches: Update to 2.14 or later
Workarounds: None
References: https://github.com/mautic/mautic/releases/tag/2.14.0
For more information: If you have any questions or comments about this advisory, email us at [email protected]

CVE-2018-11200 | P4 | MEDIUM | CWE-79 | ≥ 0, < 2.14.0 | 2021-01-19
XSS vulnerability in company name field in Mautic
Impact: Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code.
Patches: Update to 2.14.0 or later.
Workarounds: None.
For more information: If you have any questions or comments about this advisory, email us at [email protected]

CVE-2022-25774 | P4 | MEDIUM | CWE-79 | ≥ 0, < 4.4.12 | 2024-04-12
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Impact: Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards.
Patches: Update to Mautic 4.4.12.
Workarounds: None
References: h

CVE-2021-27917 | P4 | MEDIUM | CWE-79 | ≥ 1.0.0-beta4, < 4.4.13; ≥ 5.0.0-alpha, < 5.1.1 | 2024-09-18
Mautic has an XSS in contact tracking and page hits report
Summary: Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
Patches: Please update to 4.4.13 or 5.1.1 or later.
Workarounds: None
References: https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS) https://owasp.org/www-project-web-security-testing-guide/latest/

CVE-2018-8071 | P4 | MEDIUM | CWE-79 | ≥ 0, < 2.13.0 | 2021-01-19
XSS vulnerability in theme config file in Mautic
Impact: Mautic before v2.13.0 has stored XSS via a theme config file.
Patches: Update to 2.13.0 or later.
Workarounds: None.
For more information: If you have any questions or comments about this advisory, email us at [email protected]

CVE-2021-27911 | P4 | HIGH | CWE-79 | ≥ 0, < 3.3.4; ≥ 4.0.0-alpha1, < 4.0.0 | 2021-09-01
XSS vulnerability on contacts view
Impact: Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populated from different sources such as UI, API, 3rd party syncing, forms, etc.
Patches: Upgrade to 3

CVE-2021-27912 | P4 | HIGH | CWE-79 | ≥ 0, < 3.3.4; ≥ 4.0.0-alpha1, < 4.0.0 | 2021-09-01
XSS vulnerability on asset view
Impact: Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets.
Patches: Upgrade to 3.3.4 or 4.0.0
Workarounds: No
References: https://github.com/mautic/mautic/re

CVE-2017-1000488 | P4 | MEDIUM | CWE-79 | ≥ 2.1.0, < 2.12.0 | 2021-01-19
Inline JS XSS vulnerability in Mautic
Impact: Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form.
Patches: Upgrade to 2.12.0 or later.
Workarounds: None
References: https://github.com/mautic/mautic/releases/tag/2.12.0
For more information: If you have any questions or comments about this advi

CVE-2024-47050 | P4 | MEDIUM | CWE-79 | ≥ 2.6.0, < 4.4.13; ≥ 5.0.0-alpha, < 5.1.1 | 2024-09-18
Mautic vulnerable to XSS in contact/company tracking (no authentication)
Summary: Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
Patches: Please update to 4.4.13 or 5.1.1 or later.
Workarounds: None
References: https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS) https://owasp.org/w

CVE-2025-9823 | P4 | MEDIUM | CWE-79 | ≥ 4.4.0, < 4.4.17; ≥ 5.0.0-alpha, < 5.2.8 (+1 more) | 2025-09-03
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add
Summary: A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user's session. This occurs because user-supplied input is reflected back in the server's response without proper sanitization or escaping, potentially enabling malicious actions such as session hijackin

CVE-2024-47056 | P4 | MEDIUM | CWE-312 | ≥ 4.4.0, < 4.4.16; ≥ 5.0.0-alpha, < 5.2.6 (+1 more) | 2025-05-28
Mautic does not shield .env files from web traffic
Summary: This advisory addresses a security vulnerability in Mautic where sensitive `.env` configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of sensitive information, including database credentials, API keys, and other critical system configurations. Sensitive Information Disclosure via `.env` File Ex
Mautic Core vulnerabilities | cvebase