mautic/core Security Advisories for 4.0.0-alpha1 (8)
- [MEDIUM] Mautic: MST-48 Server-Side Request Forgery in Asset section
PKSA-qbyg-mfvh-bykw CVE-2022-25777 GHSA-mgv8-w49f-822w
Affected version: >=5.0.0-alpha,<5.0.4|>=1.0.0-beta4,<4.4.12
Reported by: GitHub
- [HIGH] Mautic Sensitive Data Exposure due to inadequate user permission settings
PKSA-h1nj-n1bm-2hgs CVE-2022-25776 GHSA-qjx3-2g35-6hv8
Affected version: >=5.0.0-alpha,<5.0.4|>=1.0.2,<4.4.12
Reported by: GitHub
- [MEDIUM] Mautic SQL Injection in dynamic Reports
PKSA-sy5k-g715-pnjy CVE-2022-25775 GHSA-jj6w-2cqg-7p94
Affected version: >=5.0.0-alpha,<5.0.4|>=2.14.1,<4.4.12
Reported by: GitHub
- [HIGH] Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
PKSA-xg8c-5dhf-6tcn CVE-2021-27916 GHSA-9fcx-cv56-w58p
Affected version: >=5.0.0-alpha,<5.0.4|>=3.3.0,<4.4.12
Reported by: GitHub
- [MEDIUM] Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
PKSA-47j7-7fkf-jb1b CVE-2022-25774 GHSA-fhcx-f7jg-jx3f
Affected version: <4.4.12
Reported by: GitHub
- [HIGH] Mautic vulnerable to stored cross-site scripting in description field
PKSA-y6pk-4xsd-p383 CVE-2021-27915 GHSA-2rc5-2755-v422
Affected version: >=1.0.0-beta2,<4.4.12
Reported by: GitHub
- [CRITICAL] Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
PKSA-srsk-dycm-5jdh CVE-2022-25772 GHSA-pjpc-87mp-4332
Affected version: <4.3.0
Reported by: GitHub
- [MEDIUM] Improper regex in htaccess file
PKSA-hj5d-wswk-kw69 CVE-2022-25769 GHSA-mj6m-246h-9w56
Affected version: >=4.0.0,<4.2.0|<3.3.5
Reported by: GitHub