CVE-2019-14546
Affected software: EspoCRM before 5.6.9. Vulnerability: Stored XSS on the Preference page and in emails via a malicious Email Signature. Root cause (as described): improper handling of content in the Email Signature that allows JavaScript to execute when the recipient replies or forwards, enablin...