CVE-2018-20645

PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.
Source: NIST