CVE-2019-8436 (imcat)

imcat 4.5 has Stored XSS via the root/run/adm.php fm[instop][note] parameter.

Source: CVE-2019-8436 (imcat)