Vulnerabilities > Mautic > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-18 | CVE-2018-8071 | Cross-site Scripting vulnerability in Mautic Mautic before v2.13.0 has stored XSS via a theme config file. | 6.1 |
| 2018-02-09 | CVE-2017-1000506 | Cross-site Scripting vulnerability in Mautic Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code. | 6.1 |
| 2018-01-03 | CVE-2017-1000490 | Path Traversal vulnerability in multiple products Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. | 6.5 |
| 2018-01-03 | CVE-2017-1000488 | Cross-site Scripting vulnerability in multiple products Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form. | 6.1 |