CVE-2017-18364

phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.
Source: NIST
CVE-2017-18364