Cross-site scripting in Mautic - CVE-2020-35128
Published: January 14, 2021 / Updated: May 25, 2026
Mautic
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary script code in a victim's browser.
The vulnerability exists due to cross-site scripting in the company creation and editing functionality when handling company data input. A remote user can submit specially crafted company data to execute arbitrary script code in a victim's browser.
Exploitation requires the user to be logged in as an administrator.