
Mautic — Vulnerabilities & Security Advisories 36

All 36 CVE vulnerabilities found in Mautic, with AI-generated Chinese analysis, references, and POCs.

Vendor: Mautic

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-3105 | SQL Injection in Contact Activity API Sorting | CWE-89 | 7.6 | High | 2026-02-24 |
| CVE-2025-13828 | Mautic user without privileged access to the Marketplace can install and uninstall composer packages | CWE-862 | 7.8 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-13827 | GrapesJsBuilder File Upload allows all file uploads | CWE-434 | 9.8 (AI) | Critical (AI) | 2025-12-02 |
| CVE-2025-9823 | Reflected XSS in lead:addLeadTags - Quick Add | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-09-03 |
| CVE-2025-9824 | User Enumeration via Response Timing | CWE-204 | 5.9 | Medium | 2025-09-03 |
| CVE-2025-9822 | Secret data extraction via elfinder | CWE-283 | 5.5 | Medium | 2025-09-03 |
| CVE-2025-9821 | SSRF via webhook function | CWE-918 | 2.7 | Low | 2025-09-03 |
| CVE-2025-5256 | Open Redirect vulnerability on user unlock path | CWE-601 | 5.4 | Medium | 2025-05-28 |
| CVE-2024-47055 | Segment cloning doesn't have a proper permission check | CWE-862 | 4.3 | Medium | 2025-05-28 |
| CVE-2024-47057 | User name enumeration possible due to response time difference on password reset form | CWE-203 | 5.3 | Medium | 2025-05-28 |
| CVE-2024-47056 | Mautic does not shield .env files from web traffic | CWE-312 | 5.1 | Medium | 2025-05-28 |
| CVE-2025-5257 | Predictable Page Indexing Might Lead to Sensitive Data Exposure | CWE-1284 | 6.5 | Medium | 2025-05-28 |
| CVE-2022-25770 | Insufficient authentication in upgrade flow | CWE-306 | 7.8 | High | 2024-09-18 |
| CVE-2024-47059 | Users enumeration - weak password login | CWE-200 | 4.3 | Medium | 2024-09-18 |
| CVE-2021-27917 | XSS in contact tracking and page hits report | CWE-79 | 7.3 | High | 2024-09-18 |
| CVE-2024-47050 | XSS in contact/company tracking (no authentication) | CWE-79 | 5.4 | Medium | 2024-09-18 |
| CVE-2024-47058 | Cross-site Scripting (XSS) - stored (edit form HTML field) | CWE-79 | 2.9 | Low | 2024-09-18 |
| CVE-2022-25768 | Improper Access Control in UI upgrade process | CWE-287 | 7.0 | High | 2024-09-18 |
| CVE-2022-25777 | Server-Side Request Forgery in Asset section | CWE-918 | 6.5 | Medium | 2024-09-18 |
| CVE-2022-25776 | Sensitive Data Exposure due to inadequate user permission settings | CWE-276 | 8.3 | High | 2024-09-18 |
| CVE-2022-25775 | SQL Injection in dynamic Reports | CWE-89 | 6.6 | Medium | 2024-09-18 |
| CVE-2022-25774 | XSS in Notifications via saving Dashboards | CWE-79 | 4.8 | Medium | 2024-09-18 |
| CVE-2022-25769 | Improper regex in htaccess file | CWE-1284 | 7.2 | High | 2024-09-18 |
| CVE-2021-27916 | Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder) | CWE-22 | 8.1 | High | 2024-09-17 |
| CVE-2021-27915 | XSS Cross-site Scripting Stored (XSS) - Description field | CWE-80 | 7.6 | High | 2024-09-17 |
| CVE-2024-3448 | Improper Access Control Leads to Server-Side Request Forgery in Mautic | CWE-918 | 5.0 | Medium | 2024-04-10 |
| CVE-2024-2731 | Improper Access Control Issues Lead to Sensitive Data Exposure in Mautic | CWE-284 | 5.4 | Medium | 2024-04-10 |
| CVE-2024-2730 | Predictable Page Indexing Might Lead to Sensitive Data Exposure in Mautic | CWE-425 | 5.3 | Medium | 2024-04-10 |
| CVE-2022-25772 | Mautic cross-site scripting vulnerability | CWE-79 | 9.6 | Critical | 2022-06-20 |
| CVE-2021-27914 | Mautic cross-site scripting vulnerability | CWE-79 | 7.6 | High | 2022-06-01 |

All 36 known CVE vulnerabilities affecting Mautic with full Chinese analysis, references, and POCs where available.