| CVE-2017-8874 | high | 8.8 | 8.8 | | | | 9y ago | Mautic Cross-Site Request Forgery (CSRF) |
| CVE-2017-1000046 | high | 7.5 | 7.5 | | | | 9y ago | Sensitive Cookie Without HttpOnly and Secure Flag |
| CVE-2026-3105 | unknown | — | — | | | | 3mo ago | Mautic is Vulnerable to SQL Injection through Contact Activity API Sorting |
| CVE-2025-13828 | unknown | — | — | | | | 6mo ago | Mautic user without privileged access to the Marketplace can install and uninstall composer packages |
| CVE-2025-9824 | unknown | — | — | | | | 9mo ago | Mautic Vulnerable to User Enumeration via Response Timing |
| CVE-2025-9823 | unknown | — | — | | | | 9mo ago | Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add |
| CVE-2025-9822 | unknown | — | — | | | | 9mo ago | Mautic vulnerable to secret data extraction via elfinder |
| CVE-2025-9821 | unknown | — | — | | | | 9mo ago | Mautic vulnerable to SSRF via webhook function |
| CVE-2025-5256 | unknown | — | — | | | | 1y ago | Mautic has an Open Redirect vulnerability on user unlock path. |
| CVE-2024-47055 | unknown | — | — | | | | 1y ago | Mautic segment cloning doesn't have a proper permission check |
| CVE-2024-47057 | unknown | — | — | | | | 1y ago | Mautic allows user name enumeration due to response time difference on password reset form |
| CVE-2024-47056 | unknown | — | — | | | | 1y ago | Mautic does not shield .env files from web traffic |
| CVE-2025-5257 | unknown | — | — | | | | 1y ago | Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure |
| CVE-2022-25773 | unknown | — | — | | | | 1y ago | Mautic allows Relative Path Traversal in assets file upload |
| CVE-2024-47053 | unknown | — | — | | | | 1y ago | Mautic allows Improper Authorization in Reporting API |
| CVE-2024-47051 | unknown | — | — | | | | 1y ago | Mautic allows Remote Code Execution and File Deletion in Asset Uploads |
| CVE-2024-47059 | unknown | — | — | | | | 2y ago | Mautic allows users enumeration due to weak password login |
| CVE-2022-25770 | unknown | — | — | | | | 2y ago | Mautic has insufficient authentication in upgrade flow |
| CVE-2021-27917 | unknown | — | — | | | | 2y ago | Mautic has an XSS in contact tracking and page hits report |
| CVE-2024-47050 | unknown | — | — | | | | 2y ago | Mautic vulnerable to XSS in contact/company tracking (no authentication) |
| CVE-2024-47058 | unknown | — | — | | | | 2y ago | Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) |
| CVE-2022-25768 | unknown | — | — | | | | 2y ago | Mautic vulnerable to Improper Access Control in UI upgrade process |
| CVE-2020-35125 | unknown | — | — | | | | 2y ago | Mautic is vulnerable to XSS vulnerability |
| CVE-2022-25777 | unknown | — | — | | | | 2y ago | Mautic: MST-48 Server-Side Request Forgery in Asset section |
| CVE-2022-25776 | unknown | — | — | | | | 2y ago | Mautic Sensitive Data Exposure due to inadequate user permission settings |
| CVE-2022-25775 | unknown | — | — | | | | 2y ago | Mautic SQL Injection in dynamic Reports |
| CVE-2021-27916 | unknown | — | — | | | | 2y ago | Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder |
| CVE-2022-25774 | unknown | — | — | | | | 2y ago | Mautic vulnerable to cross-site scripting in notifications via saving Dashboards |
| CVE-2021-27915 | unknown | — | — | | | | 2y ago | Mautic vulnerable to stored cross-site scripting in description field |
| CVE-2022-25772 | unknown | — | — | | | | 4y ago | Cross-site Scripting vulnerability in Mautic's tracking pixel functionality |
| CVE-2020-35129 | unknown | — | — | | | | 4y ago | Mautic stored Cross-site Scripting (XSS) |
| CVE-2020-35128 | unknown | — | — | | | | 4y ago | Mautic stored Cross-site Scripting (XSS) |
| CVE-2017-1000506 | unknown | — | — | | | | 4y ago | Mautic Cross Site Scripting (XSS) vulnerability |
| CVE-2022-25769 | unknown | — | — | | | | 4y ago | Improper regex in htaccess file |
| CVE-2021-27913 | unknown | — | — | | | | 5y ago | Use of a Broken or Risky Cryptographic Algorithm |
| CVE-2021-27909 | unknown | — | — | | | | 5y ago | XSS vulnerability on password reset page |
| CVE-2021-27910 | unknown | — | — | | | | 5y ago | Stored XSS vulnerability on Bounce Management Callback |
| CVE-2021-27911 | unknown | — | — | | | | 5y ago | XSS vulnerability on contacts view |
| CVE-2021-27912 | unknown | — | — | | | | 5y ago | XSS vulnerability on asset view |
| CVE-2021-27908 | unknown | — | — | | | | 5y ago | Mautic vulnerable to secret data exfiltration via symfony parameters |
| CVE-2021-3142 | unknown | — | — | | | | 5y ago | XSS in Mautic |
| CVE-2018-8092 | unknown | — | — | | | | 5y ago | CSV Injection vulnerability with exported contact lists in Mautic |
| CVE-2018-11200 | unknown | — | — | | | | 5y ago | XSS vulnerability in company name field in Mautic |
| CVE-2017-1000488 | unknown | — | — | | | | 5y ago | Inline JS XSS vulnerability in Mautic |
| CVE-2018-10189 | unknown | — | — | | | | 5y ago | Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID |
| CVE-2017-1000489 | unknown | — | — | | | | 5y ago | Disabled users able to log in with third party SSO plugin |
| CVE-2018-8071 | unknown | — | — | | | | 5y ago | XSS vulnerability in theme config file in Mautic |
| CVE-2018-11198 | unknown | — | — | | | | 5y ago | XSS vulnerability in Author URL of themes in Mautic |
| CVE-2017-1000490 | unknown | — | — | | | | 5y ago | Mautic users able to download any files from server using filemanager |
| CVE-2020-35124 | unknown | — | — | | | | 5y ago | XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic |