CVE-2019-8938

VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.
Source: NIST