CVE-2019-10226
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI.
Date published : 2019-06-10
https://www.exploit-db.com/exploits/46617/
http://packetstormsecurity.com/files/152263/Fat-Free-CRM-0.19.0-HTML-Injection.html