Vulnerabilities (CVE)

Filtered by vendor Mautic Subscribe

Filtered by product Mautic

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-35129	1 Mautic	1 Mautic	2021-01-27	6.0 MEDIUM	9.0 CRITICAL
Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account.
CVE-2018-8092	1 Mautic	1 Mautic	2020-08-24	7.5 HIGH	9.8 CRITICAL
Mautic before 2.13.0 allows CSV injection.