
CVSS: 8.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic. • https://github.com/mautic/mautic/security/advisories/GHSA-9fcx-cv56-w58p • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system. • https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end, allowing an attacker to perform a port scan in the back-end. At the time of publication of the CVE no patch is available. • https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 3

Users with low privileges (all permissions deselected in the administrator permissions settings) can view certain pages that expose sensitive information such as company names, users' names and surnames, stage names, and monitoring campaigns and their descriptions. In addition, unprivileged users can see and edit the descriptions of tags. At the time of publication of the CVE no patch is available. • https://github.com/lockness-Ko/CVE-2024-27316 https://github.com/aeyesec/CVE-2024-27316_poc https://huntr.com/bounties/4d72d300-92d6-4e3c-93d8-52fe47396ae0 • CWE-284: Improper Access Control •

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Mautic uses predictable page indices for unpublished landing pages; their content can be accessed by unauthenticated users under public preview URLs, which could expose sensitive data. At the time of publication of the CVE no patch is available. • https://huntr.com/bounties/cd3321a4-9ebc-48fa-8d4c-b5720089c2d9 • CWE-425: Direct Request ('Forced Browsing') •