CVE-2019-11406 (subrion_cms)

Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
Source: NIST
CVE-2019-11406 (subrion_cms)