Php · Php Template Store Script · CVE-2018-14869
**Name of the Vulnerable Software and Affected Versions**
PHP Template Store Script version 3.0.6
**Description**
The issue allows for cross-site scripting (XSS) attacks through specific fields in a user's profile, including the Address line 1, Address Line 2, Bank name, or A/C Holder name field.
**Recommendations**
For PHP Template Store Script version 3.0.6, consider validating and sanitizing user input for the Address line 1, Address Line 2, Bank name, and A/C Holder name fields to prevent XSS attacks. As a temporary workaround, restrict the use of these fields until a proper fix is applied.