Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-18	CVE-2021-27917	Cross-site Scripting vulnerability in Acquia Mautic Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. network low complexity acquia CWE-79	5.4
2024-09-18	CVE-2024-47050	Cross-site Scripting vulnerability in Acquia Mautic Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable. network low complexity acquia CWE-79	6.1
2024-09-18	CVE-2024-47058	Cross-site Scripting vulnerability in Acquia Mautic With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. network low complexity acquia CWE-79	4.8
2024-09-18	CVE-2022-25774	Cross-site Scripting vulnerability in Acquia Mautic Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards. network low complexity acquia CWE-79	5.4
2024-09-18	CVE-2022-25776	Incorrect Default Permissions vulnerability in Acquia Mautic Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names. network low complexity acquia CWE-276	6.5
2022-06-20	CVE-2022-25772	Cross-site Scripting vulnerability in Acquia Mautic A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript network low complexity acquia CWE-79	6.1
2021-08-30	CVE-2021-27909	Cross-site Scripting vulnerability in Acquia Mautic For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. network acquia CWE-79	4.3
2021-08-30	CVE-2021-27910	Cross-site Scripting vulnerability in Acquia Mautic Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. network acquia CWE-79	4.3
2021-08-30	CVE-2021-27911	Cross-site Scripting vulnerability in Acquia Mautic Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. network acquia CWE-79	4.3
2021-02-09	CVE-2020-35125	Cross-site Scripting vulnerability in Acquia Mautic A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept). network acquia CWE-79	6.8