CVE-2019-10016

GForge Advanced Server 6.4.4 allows XSS via the commonsearch.php words parameter, as demonstrated by a snippet/search/?words= substring.
Source: NIST
CVE-2019-10016