CVE 2018-15511
Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.
See the
CVE page on Mitre.org
for more details.