CVE-2019-11449

I, Librarian 4.10 has XSS via the notes.php notes parameter.
Source: NIST
CVE-2019-11449