GCVE - cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:acquia:mautic:1.0.0:rc2:*:*:*:*:*:*

part: a version: 1.0.0 update: rc2

Vendor	Acquia (`15d56acd-23d5-5963-9c0b-96f076249d74`)
Product	Mautic (`543739f1-898e-5ba0-985b-428e8a4ce88d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:drupal/mautic`	purl2cpe	2026-06-01 10:10:56.118593
`pkg:github/mautic/mautic`	purl2cpe	2026-06-01 10:10:56.118594

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-25777`	vulnerable	2026-06-03 14:46:40.584975	Server-Side Request Forgery in Asset section MEDIUM (6.5) Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability. Published: 2024-09-18T15:13:52.308Z Updated: 2024-09-18T21:32:05.348Z Open on db.gcve.eu Reference links https://github.com/mautic/mautic/security/advisories/GHSA-mgv8-w49f-822w	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-25770`	vulnerable	2026-06-03 14:46:40.578893	Insufficient authentication in upgrade flow HIGH (7.8) Mautic allows you to update the application via an upgrade script. The upgrade logic isn't shielded off correctly, which may lead to vulnerable situation. This vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable. Published: 2024-09-18T21:26:34.059Z Updated: 2024-09-19T14:47:14.786Z Open on db.gcve.eu Reference links https://github.com/mautic/mautic/security/advisories/GHSA-qf6m-6m4g-rmrc	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27917`	vulnerable	2026-06-03 14:44:17.054897	XSS in contact tracking and page hits report HIGH (7.3) Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report. Published: 2024-09-18T21:09:09.987Z Updated: 2024-09-19T15:40:48.121Z Open on db.gcve.eu Reference links https://github.com/mautic/mautic/security/advisories/GHSA-xpc5-rr39-v8v2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-27915`	vulnerable	2026-06-03 14:44:17.052860	XSS Cross-site Scripting Stored (XSS) - Description field HIGH (7.6) Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system. Published: 2024-09-17T14:02:09.969Z Updated: 2024-09-17T16:01:29.250Z Open on db.gcve.eu Reference links https://github.com/mautic/mautic/security/advisories/GHSA-2rc5-2755-v422	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.