mautic/core Security Advisories for 3.1.0-rc (16)
-
[MEDIUM] Mautic: MST-48 Server-Side Request Forgery in Asset section
PKSA-qbyg-mfvh-bykw CVE-2022-25777 GHSA-mgv8-w49f-822w
Affected version: >=5.0.0-alpha,<5.0.4|>=1.0.0-beta4,<4.4.12
Reported by:
GitHub -
[HIGH] Mautic Sensitive Data Exposure due to inadequate user permission settings
PKSA-h1nj-n1bm-2hgs CVE-2022-25776 GHSA-qjx3-2g35-6hv8
Affected version: >=5.0.0-alpha,<5.0.4|>=1.0.2,<4.4.12
Reported by:
GitHub -
[MEDIUM] Mautic SQL Injection in dynamic Reports
PKSA-sy5k-g715-pnjy CVE-2022-25775 GHSA-jj6w-2cqg-7p94
Affected version: >=5.0.0-alpha,<5.0.4|>=2.14.1,<4.4.12
Reported by:
GitHub -
[MEDIUM] Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
PKSA-47j7-7fkf-jb1b CVE-2022-25774 GHSA-fhcx-f7jg-jx3f
Affected version: <4.4.12
Reported by:
GitHub -
[HIGH] Mautic vulnerable to stored cross-site scripting in description field
PKSA-y6pk-4xsd-p383 CVE-2021-27915 GHSA-2rc5-2755-v422
Affected version: >=1.0.0-beta2,<4.4.12
Reported by:
GitHub -
[CRITICAL] Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
PKSA-srsk-dycm-5jdh CVE-2022-25772 GHSA-pjpc-87mp-4332
Affected version: <4.3.0
Reported by:
GitHub -
[MEDIUM] Improper regex in htaccess file
PKSA-hj5d-wswk-kw69 CVE-2022-25769 GHSA-mj6m-246h-9w56
Affected version: >=4.0.0,<4.2.0|<3.3.5
Reported by:
GitHub -
[LOW] Use of a Broken or Risky Cryptographic Algorithm
PKSA-fcy2-ts5y-y8xc CVE-2021-27913 GHSA-x7g2-wrrp-r6h3
Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] XSS vulnerability on asset view
PKSA-p6sq-9ppy-k1f8 CVE-2021-27912 GHSA-rh5w-82wh-jhr8
Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] XSS vulnerability on password reset page
PKSA-rqyb-wvf2-m87b CVE-2021-27909 GHSA-32hw-3pvh-vcvc
Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Stored XSS vulnerability on Bounce Management Callback
PKSA-dh3n-xcj8-kwbq CVE-2021-27910 GHSA-86pv-95mj-7w5f
Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] XSS vulnerability on contacts view
PKSA-ykqx-7zqg-n9bn CVE-2021-27911 GHSA-72hm-fx78-xwhc
Affected version: <4.0.0|>=3.3.0,<3.3.4|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[MEDIUM] Secret data exfiltration via symfony parameters
PKSA-ftms-7tmx-dwmz CVE-2021-27908 GHSA-4hjq-422q-4vpx
Affected version: >=3.3.0,<3.3.2|>=3.2.0,<3.3.0|>=3.1.0,<3.2.0|<3.1.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access
PKSA-ysg5-6d2n-7swq CVE-2020-35125
Affected version: >=3.2.0,<3.2.4|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0|>=2.0.0,<2.16.5
Reported by:
FriendsOfPHP/security-advisories -
[CRITICAL] Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access
PKSA-d4dv-g651-gm2b CVE-2020-35124 GHSA-39wj-j3jc-858m
Affected version: >=3.2.0,<3.2.4|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0|>=2.0.0,<2.16.5
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Mautic core - Moderately Critical - XSS vulnerability when creating/editing a company
PKSA-cjzg-6rfp-qkfk CVE-2021-3142 GHSA-p7v4-gm6j-cw9m
Affected version: >=3.2.0,<3.2.4|>=3.1.0,<3.2.0|>=3.0.0,<3.1.0|>=2.0.0,<2.16.5
Reported by:
GitHub, FriendsOfPHP/security-advisories