Vulnerabilities > Acquia > Mautic > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2021-27915 | Cross-site Scripting vulnerability in Acquia Mautic Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system. | 9.0 |
| 2021-02-09 | CVE-2020-35125 | Cross-site Scripting vulnerability in Acquia Mautic A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept). | 9.6 |
| 2021-01-28 | CVE-2020-35124 | Cross-site Scripting vulnerability in Acquia Mautic A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads. | 9.6 |
| 2021-01-19 | CVE-2020-35128 | Cross-site Scripting vulnerability in Acquia Mautic Mautic before 3.2.4 is affected by stored XSS. | 9.0 |