Cross-site scripting in Mautic - CVE-2018-8071
Published: January 19, 2021 / Updated: May 25, 2026
Mautic
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary script code in a user's browser.
The vulnerability exists due to cross-site scripting in the theme config file when processing crafted theme configuration content. A remote user can supply a specially crafted theme config file to execute arbitrary script code in a user's browser.