Mautic is open source marketing automation software that monitors and manages websites, sends emails and manages customer resources. Mautic contains a cross-site scripting (XSS) vulnerability on its password reset page: the vulnerable parameter "bundle" in the URL could allow an attacker to execute JavaScript code in the target's browser. To exploit it, an attacker has to convince or trick a target into clicking on a password reset URL that carries the vulnerable parameter.
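One way to triage web server logs for requests of this shape, as an added example that is not Mautic's own code or part of the original advisory. It assumes combined-format access logs, a placeholder reset path (the advisory does not give the real route) and that legitimate "bundle" values are plain identifiers; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

RESET_PATH = "/RESET-PATH-PLACEHOLDER"        # placeholder, not Mautic's real route
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.\-]*")  # assumed shape of a legitimate value
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_reset_requests(log_lines, reset_path=RESET_PATH):
    """Return (client, decoded value) for reset-page hits with an unsafe bundle."""
    findings = []
    for line in log_lines:
        match = REQUEST.match(line)
        if not match:
            continue  # not a request line in the expected format
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.startswith(reset_path):
            continue  # only the password reset page is in scope
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if key.lower() == "bundle" and not SAFE_VALUE.fullmatch(decoded):
                findings.append((client, decoded))
    return findings

# Constructed sample log lines (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /RESET-PATH-PLACEHOLDER?bundle=user HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /RESET-PATH-PLACEHOLDER?bundle=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 530',
    '192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /RESET-PATH-PLACEHOLDER?bundle=%253Csvg%253E HTTP/1.1" 200 530',
    '192.0.2.45 - - [01/Jan/2024:10:03:00 +0000] "GET /other?bundle=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, value in suspicious_reset_requests(SAMPLE_LOG):
        print(f"{client} sent bundle={value!r}")
```

A hit only shows that someone requested such a URL; whether the script ran depends on the installed version reflecting the value unescaped.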