Zdeno Kuzmany

**Name of the Vulnerable Software and Affected Versions** Mautic (affected versions not specified) **Description** The issue concerns unauthorized access to unpublished page previews in Mautic, which could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information. The page preview functionality for unpublished content, accessible via predictable URLs (e.g., "/page/preview/1", "/page/preview/2"), lacked proper authorization checks, allowing any unauthenticated user to view content not yet intended for public release. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mautic (affected versions not specified) **Description** The upgrade logic in Mautic's application update via an upgrade script is not properly shielded, potentially leading to a vulnerable situation. However, this issue is mitigated by the fact that Mautic must be installed in a specific way to be vulnerable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mautic versions prior to 4.4.12 **Description** The issue is related to a self XSS vulnerability in the notifications within Mautic. Logged in users are vulnerable to this issue, which allows malicious code to be injected into the notification when saving Dashboards. **Recommendations** Update to Mautic 4.4.12 to resolve the issue. As a temporary workaround, consider restricting the ability to save Dashboards or injecting custom code into notifications until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Mautic versions prior to 3.3.5 Mautic versions prior to 4.2.0 **Description** The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. However, the regex in the second FilesMatch only checks the filename, not the full path, which is incorrect logic. This issue can enable local host attacks due to an improper validation flaw. **Recommendations** For Mautic versions prior to 3.3.5, please upgrade to version 3.3.5 or later. For Mautic versions prior to 4.2.0, please upgrade to version 4.2.0 or later. As a temporary workaround, consider restricting access to the .htaccess file until a patch is applied.