CVE-2018-11735

index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter.