I recently performed a penetration test against an instance of Clickstudios Passwordstate, a web based Enterprise Password Management solution.
During testing, three instances of cross-site scripting were identified. This blog post is intended to serve as public disclosure of the issues for CVE-2018-14776, which have since been patched by Clickstudios.