CVE 2018-15511

Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.

See the CVE page on Mitre.org for more details.