Mautic Core vulnerabilities
49 known vulnerabilities affecting mautic/core.
Total CVEs: 49
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 13, MEDIUM 27, LOW 2
Vulnerabilities
Page 3 of 3
CVE-2017-1000506 [MEDIUM] P4 CWE-79 Mautic Cross Site Scripting (XSS) vulnerability
Affected: ≥ 0, < 2.14.2 | Date: 2022-05-14
Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in the company name field that can result in denial of service and execution of JavaScript code.
CVE-2024-47055 [MEDIUM] P4 CWE-284 Mautic segment cloning doesn't have a proper permission check
Affected: ≥ 5.0.0-alpha, < 5.2.6; ≥ 6.0.0-alpha, < 6.0.2 | Date: 2025-05-28
### Summary
This advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks.
Insecure Direct Object Reference (IDOR) / Missing Authorization: A missing authorization vulnerability exists in the `clo
CVE-2024-47059 [MEDIUM] P4 CWE-200 Mautic allows users enumeration due to weak password login
Affected: ≥ 5.1.0, < 5.1.1 | Date: 2024-09-18
### Summary
When logging in with the correct username and an incorrect weak password, the user receives a notification that their password is too weak.
However, when an incorrect username is provided alongside a weak password, the application responds with an 'Invalid credentials' notification.
This difference could be used to perform username
CVE-2021-27908 [MEDIUM] P4 CWE-732 Mautic vulnerable to secret data exfiltration via symfony parameters
Affected: ≥ 0, < 3.3.2 | Date: 2021-04-06
### Impact
Symfony parameters (which is what Mautic transforms configuration parameters into) can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any of the free text fields in
CVE-2024-47058 [MEDIUM] P4 CWE-79 Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
Affected: ≥ 5.0.0-alpha, < 5.1.1; ≥ 1.0.0-beta, < 4.4.13 | Date: 2024-09-18
### Impact
With access to edit a Mautic form, an attacker can store a cross-site scripting payload in the HTML field. This could be used to steal sensitive information from the user's current session.
### Patches
Upgrade to 4.4.13 or 5.1.1 or later.
### Workarounds
None
### References
- https://owasp.org/www
CVE-2021-27913 [LOW] P4 CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Affected: ≥ 0, < 3.3.4; ≥ 4.0.0-alpha1, < 4.0.0 | Date: 2021-09-01
## ✍️ Description
The function mt_rand is used to generate session tokens. This function is cryptographically flawed because it is only a pseudorandom number generator; an attacker can take advantage of its cryptographically insecure nature to enumerate session tokens for accounts that are not under their control.
## 🕵️♂️ Proof of Concept
Numerous examples
CVE-2025-9821 [LOW] P4 CWE-918 Mautic vulnerable to SSRF via webhook function
Affected: ≥ 4.4.0, < 4.4.17; ≥ 5.0.0-alpha, < 5.2.8; +1 more | Date: 2025-09-03
### Summary
Users with webhook permissions can conduct SSRF via webhooks. If they also have permission to view the webhook logs, the (partial) request response is disclosed as well.
### Details
When sending webhooks, the destination is not validated, causing SSRF.
### Impact
Bypass of firewalls to interact with internal services.
See https://owasp.org/Top10/A10_2021-Server-Side_Req
CVE-2018-8092 [MEDIUM] CWE-1236 CSV Injection vulnerability with exported contact lists in Mautic
Affected: ≥ 0, < 2.13.0 | Date: 2021-01-19
### Impact
Mautic versions before 2.13.0 had a vulnerability that allowed a CSV injection with exported contact lists - https://www.owasp.org/index.php/CSV_Injection.
### Patches
Update to 2.13.0 or later.
### Workarounds
None.
### For more information
If you have any questions or comments about this advisory:
* Email us at [secur
CVE-2021-3142 [HIGH] CWE-79 XSS in Mautic
Affected: ≥ 3.0.0, < 3.2.4; ≥ 2.0.0, < 2.16.5 | Date: 2021-01-29
### Impact
This is a cross-site scripting vulnerability in creating/editing a company; exploiting it requires the user to be logged in as an administrator.
This vulnerability was reported by Dardan Prebreza at Bishop Fox.
### Patches
Upgrade to 3.2.4 or 2.16.5.
Link to patch for 2.x versions: https://github.com/mautic/mautic/compare/2.16.4...2.16.5.diff
Link to patch for 3.x versions: https://github.com/mautic/mautic/com