Cross-site scripting in Mautic - CVE-2017-1000488
Published: January 19, 2021 / Updated: May 25, 2026
Mautic
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary script code in the victim's browser.
The vulnerability exists due to cross-site scripting in Mautic forms on a Mautic landing page when using GET parameters to pre-populate the form. A remote attacker can supply specially crafted GET parameters to execute arbitrary script code in the victim's browser.