XSS in the client account page in SuiteCRM prior to 7.11.19 allows an malicious user to inject JavaScript via the name field