mautic/core-lib

Packagist5 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting mautic/core-libpage 1 of 1

CVE-2021-27917HIGHCVSS 7.3EG 7.3✓ Fixed in 5.1.1
2024-09-18
vulnerable: 5.0.0 ... 5.1.0 (12 versions)
Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.
CVE-2022-25768HIGHCVSS 7.0EG 7.0✓ Fixed in 5.1.1
2024-09-18
vulnerable: 5.0.0 ... 5.1.0 (12 versions)
The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. Prior to this patch being applied it might be possible for an attacker to access the Mauti…
CVE-2022-25770HIGHCVSS 7.8EG 7.8✓ Fixed in 5.1.1
2024-09-18
vulnerable: 5.0.0 ... 5.1.0 (12 versions)
Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a…
CVE-2024-47050MEDIUMCVSS 5.4EG 5.4✓ Fixed in 5.1.1
2024-09-18
vulnerable: 5.0.0 ... 5.1.0 (12 versions)
Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
CVE-2024-47058LOWCVSS 2.9EG 2.9✓ Fixed in 4.4.13
2024-09-18
vulnerable: 4.0.0 ... 4.4.9 (32 versions)
With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.

Check whether mautic/core-lib is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for mautic/core-lib CVEs against the assets you own.

Start Free Scan →