Vulnerabilities > Mautic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-19 | CVE-2020-35129 | Cross-site Scripting vulnerability in Mautic Mautic before 3.2.4 is affected by stored XSS. | 6.0 |
| 2018-04-18 | CVE-2018-8092 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Mautic Mautic before 2.13.0 allows CSV injection. | 7.5 |
| 2018-04-18 | CVE-2018-8071 | Cross-site Scripting vulnerability in Mautic Mautic before v2.13.0 has stored XSS via a theme config file. | 4.3 |
| 2018-04-17 | CVE-2018-10189 | Information Exposure vulnerability in Mautic An issue was discovered in Mautic 1.x and 2.x before 2.13.0. | 5.0 |
| 2018-02-09 | CVE-2017-1000506 | Cross-site Scripting vulnerability in Mautic Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code. | 4.3 |
| 2018-01-03 | CVE-2017-1000490 | Path Traversal vulnerability in multiple products Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. | 4.0 |
| 2018-01-03 | CVE-2017-1000489 | Improper Authentication vulnerability in multiple products Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address | 6.8 |
| 2018-01-03 | CVE-2017-1000488 | Cross-site Scripting vulnerability in multiple products Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form. | 4.3 |
| 2017-07-17 | CVE-2017-1000046 | Unspecified vulnerability in Mautic Mautic 2.6.1 and earlier fails to set flags on session cookies | 5.0 |