Cross-site scripting in Mautic - CVE-2018-11198
Published: January 19, 2021 / Updated: May 25, 2026
Mautic
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary script code in a victim's browser.
The vulnerability exists due to cross-site scripting in the author URL field of themes when rendering theme metadata. A remote attacker can supply a crafted author URL value to execute arbitrary script code in a victim's browser.