CVE-2019-15950

The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data.