CVE-2019-10027

PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen.
Source: NIST
CVE-2019-10027