CVE-2019-11406

CVE-2019-11406

Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.

Source: CVE-2019-11406