mautic/core Security Advisories for 5.0.x-dev (8)

-
[MEDIUM] Mautic allows Relative Path Traversal in assets file upload
PKSA-r9y9-cx91-ppbj CVE-2022-25773 GHSA-4w2w-36vm-c8hf
Affected version: <5.2.3
Reported by: GitHub
-
[HIGH] Mautic allows Improper Authorization in Reporting API
PKSA-d6g7-gn2x-xxxs CVE-2024-47053 GHSA-8xv7-g2q3-fqgc
Affected version: >=1.0.1,<5.2.3
Reported by: GitHub
-
[CRITICAL] Mautic allows Remote Code Execution and File Deletion in Asset Uploads
PKSA-r8cy-ghyg-685v CVE-2024-47051 GHSA-73gx-x7r9-77x2
Affected version: <5.2.3
Reported by: GitHub
-
[MEDIUM] Mautic has insufficient authentication in upgrade flow
PKSA-zrpx-tjt4-ctvz CVE-2022-25770 GHSA-qf6m-6m4g-rmrc
Affected version: >=5.0.0-alpha,<5.1.1|>=1.0.0-beta3,<4.4.13
Reported by: GitHub
-
[MEDIUM] Mautic has an XSS in contact tracking and page hits report
PKSA-39c1-mjv2-cwmh CVE-2021-27917 GHSA-xpc5-rr39-v8v2
Affected version: >=5.0.0-alpha,<5.1.1|>=1.0.0-beta4,<4.4.13
Reported by: GitHub
-
[MEDIUM] Mautic vulnerable to XSS in contact/company tracking (no authentication)
PKSA-x4f7-yvw2-qxkj CVE-2024-47050 GHSA-73gr-32wg-qhh7
Affected version: >=5.0.0-alpha,<5.1.1|>=2.6.0,<4.4.13
Reported by: GitHub
-
[MEDIUM] Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
PKSA-zw3g-4t7k-356g CVE-2024-47058 GHSA-xv68-rrmw-9xwf
Affected version: >=1.0.0-beta,<4.4.13|>=5.0.0-alpha,<5.1.1
Reported by: GitHub
-
[HIGH] Mautic vulnerable to Improper Access Control in UI upgrade process
PKSA-1qjd-2pbn-b37d CVE-2022-25768 GHSA-x3jx-5w6m-q2fc
Affected version: >=5.0.0-alpha,<5.1.1|>=1.1.3,<4.4.13
Reported by: GitHub