CVE-2019-15476
The CVE affects the Former form builder (pre-4.2.1) with XSS via an unsanitized checkbox value. Root cause per the sources is an injection path through a checkbox value in Checkable.php. Impact is cross-site scripting; remediation is upgrading to version 4.2.1 (or applying the supplied fix). No e...