Vulnerabilities > Acquia > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-17 CVE-2021-27915 Cross-site Scripting vulnerability in Acquia Mautic
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.
network
low complexity
acquia CWE-79
critical
9.0
2021-02-09 CVE-2020-35125 Cross-site Scripting vulnerability in Acquia Mautic
A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept).
network
low complexity
acquia CWE-79
critical
9.6
2021-01-28 CVE-2020-35124 Cross-site Scripting vulnerability in Acquia Mautic
A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads.
network
low complexity
acquia CWE-79
critical
9.6
2021-01-19 CVE-2020-35128 Cross-site Scripting vulnerability in Acquia Mautic
Mautic before 3.2.4 is affected by stored XSS.
network
low complexity
acquia CWE-79
critical
9.0