In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.
CVE-2019-19913
Overview
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.