CVE-2017-14536by Jeremyin Security Bulletinson Posted on February 16, 2018 trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.