CVE-2019-16416

HRworks 3.36.9 allows XSS via the purpose of a travel-expense report.
Source: NIST
CVE-2019-16416