Vulnerabilities in mautic

40 results
CVE ID         | Severity | Title                                                                                                                                         | EPSS
CVE-2022-25774 | MEDIUM   | XSS in Notifications via saving Dashboards                                                                                                    | 0.4%
CVE-2021-27908 | MEDIUM   | In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user | 0.3%
CVE-2024-47059 | MEDIUM   | Users enumeration - weak password login                                                                                                       | 0.3%
CVE-2025-5257  | MEDIUM   | Predictable Page Indexing Might Lead to Sensitive Data Exposure                                                                               | 0.3%
CVE-2024-47050 | MEDIUM   | XSS in contact/company tracking (no authentication)                                                                                           | 0.3%
CVE-2025-9823  | MEDIUM   | Reflected XSS in lead:addLeadTags - Quick Add                                                                                                 | 0.3%
CVE-2026-3105  | HIGH     | SQL Injection in Contact Activity API Sorting                                                                                                 | 0.3%
CVE-2022-25768 | HIGH     | Improper Access Control in UI upgrade process                                                                                                 | 0.3%
CVE-2025-9821  | LOW      | SSRF via webhook function                                                                                                                     | 0.3%
CVE-2022-25770 | HIGH     | Insufficient authentication in upgrade flow                                                                                                   | 0.3%
CVE-2021-27917 | HIGH     | XSS in contact tracking and page hits report                                                                                                  | 0.3%
CVE-2024-47057 | MEDIUM   | User name enumeration possible due to response time difference on password reset form                                                         | 0.3%
CVE-2025-9824  | MEDIUM   | User Enumeration via Response Timing                                                                                                          | 0.3%
CVE-2025-7381  | MEDIUM   | Exposure of sensitive PHP information to an unauthorized control sphere in mautic/mautic images                                               | 0.2%
CVE-2025-13828 | CRITICAL | Mautic user without privileged access to the Marketplace can install and uninstall composer packages                                          | 0.2%
CVE-2025-9822  | MEDIUM   | Secret data extraction via elfinder                                                                                                           | 0.2%
CVE-2024-47055 | MEDIUM   | Segment cloning doesn't have a proper permission check                                                                                        | 0.2%
CVE-2025-5256  | MEDIUM   | Open Redirect vulnerability on user unlock path                                                                                               | 0.2%
CVE-2024-47058 | LOW      | Cross-site Scripting (XSS) - stored (edit form HTML field)                                                                                    | 0.2%
CVE-2024-47056 | MEDIUM   | Mautic does not shield .env files from web traffic                                                                                            | 0.1%