CVE-2018-19926by Jeremyin Security Bulletinson Posted on December 7, 2018 Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO.