Vulnerabilities > Acquia > Mautic > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-18 CVE-2021-27917 Cross-site Scripting vulnerability in Acquia Mautic
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
network
low complexity
acquia CWE-79
5.4
2024-09-18 CVE-2024-47050 Cross-site Scripting vulnerability in Acquia Mautic
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
network
low complexity
acquia CWE-79
6.1
2024-09-18 CVE-2024-47058 Cross-site Scripting vulnerability in Acquia Mautic
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed.
network
low complexity
acquia CWE-79
4.8
2024-09-18 CVE-2022-25774 Cross-site Scripting vulnerability in Acquia Mautic
Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards.
network
low complexity
acquia CWE-79
5.4
2024-09-18 CVE-2022-25776 Incorrect Default Permissions vulnerability in Acquia Mautic
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.
network
low complexity
acquia CWE-276
6.5
2022-06-20 CVE-2022-25772 Cross-site Scripting vulnerability in Acquia Mautic
A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript
network
low complexity
acquia CWE-79
6.1
2021-08-30 CVE-2021-27909 Cross-site Scripting vulnerability in Acquia Mautic
For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code.
network
acquia CWE-79
4.3
2021-08-30 CVE-2021-27910 Cross-site Scripting vulnerability in Acquia Mautic
Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function.
network
acquia CWE-79
4.3
2021-08-30 CVE-2021-27911 Cross-site Scripting vulnerability in Acquia Mautic
Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button.
network
acquia CWE-79
4.3
2021-02-09 CVE-2020-35125 Cross-site Scripting vulnerability in Acquia Mautic
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
network
acquia CWE-79
6.8