1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.