Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.
Please update to 4.4.13 or 5.1.1 or later.
None
https://owasp.org/www-project-top-ten/2017/A72017-Cross-SiteScripting(XSS) https://owasp.org/www-project-web-security-testing-guide/latest/4-WebApplicationSecurityTesting/07-InputValidationTesting/02-TestingforStoredCrossSite_Scripting
If you have any questions or comments about this advisory: Email us at security@mautic.org