CVE-2018-19926

Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.