CVE-2018-20138

PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541.