Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS).
https://midas.psi.ch/elog/download/ChangeLog
https://exchange.xforce.ibmcloud.com/vulnerabilities/40124