CVE-2019-1020003

invenio-records before 1.2.2 allows XSS.
Source: NIST
CVE-2019-1020003