Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows malicious user to execute arbitrary code via the language parameter to the /ngs/login endpoint.
elitecms elite cms 1.2.11