Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards.

Mautic vulnerable to cross-site scripting in notifications via saving Dashboards