mautic/core Security Advisories for 2.14.0-beta (11)
- [CRITICAL] Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
  PKSA-srsk-dycm-5jdh CVE-2022-25772 GHSA-pjpc-87mp-4332
  Affected version: <4.3.0
  Reported by: GitHub
- [MEDIUM] Improper regex in htaccess file
  PKSA-hj5d-wswk-kw69 CVE-2022-25769 GHSA-mj6m-246h-9w56
  Affected version: >=4.0.0,<4.2.0|<3.3.5
  Reported by: GitHub
- [LOW] Use of a Broken or Risky Cryptographic Algorithm
  PKSA-fcy2-ts5y-y8xc CVE-2021-27913 GHSA-x7g2-wrrp-r6h3
  Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] XSS vulnerability on asset view
  PKSA-p6sq-9ppy-k1f8 CVE-2021-27912 GHSA-rh5w-82wh-jhr8
  Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] XSS vulnerability on contacts view
  PKSA-ykqx-7zqg-n9bn CVE-2021-27911 GHSA-72hm-fx78-xwhc
  Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] XSS vulnerability on password reset page
  PKSA-rqyb-wvf2-m87b CVE-2021-27909 GHSA-32hw-3pvh-vcvc
  Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] Stored XSS vulnerability on Bounce Management Callback
  PKSA-dh3n-xcj8-kwbq CVE-2021-27910 GHSA-86pv-95mj-7w5f
  Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [MEDIUM] Secret data exfiltration via symfony parameters
  PKSA-ftms-7tmx-dwmz CVE-2021-27908 GHSA-4hjq-422q-4vpx
  Affected version: >=3.3.0,<3.3.2|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|<3.1.0
  Reported by: GitHub, FriendsOfPHP/security-advisories
- Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access
  PKSA-ysg5-6d2n-7swq CVE-2020-35125
  Affected version: >=3.2.0,<3.2.4|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0|>=2.0.0,<2.16.5
  Reported by: FriendsOfPHP/security-advisories
- [CRITICAL] Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access
  PKSA-d4dv-g651-gm2b CVE-2020-35124 GHSA-39wj-j3jc-858m
  Affected version: >=3.2.0,<3.2.4|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0|>=2.0.0,<2.16.5
  Reported by: GitHub, FriendsOfPHP/security-advisories
- [HIGH] Mautic core - Moderately Critical - XSS vulnerability when creating/editing a company
  PKSA-cjzg-6rfp-qkfk CVE-2021-3142 GHSA-p7v4-gm6j-cw9m
  Affected version: >=3.2.0,<3.2.4|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0|>=2.0.0,<2.16.5
  Reported by: GitHub, FriendsOfPHP/security-advisories