XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field
