DESCRIPTION
An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the My Profile section. This is due to a lack of sanitization in the Edit Name section.

VENDOR
PHP Scripts Mall Pvt. Ltd.

[Affected Product Code Base]
Investment MLM Software (link: https://www.phpscriptsmall.com/product/investment-mlm/) - 2.0.2

POC
1. Go to http://198.38.86.159/~onlineexamboard/demo/investment-mlm/
2. Request a test account: "Click Here For User Demo Link".
3. Log in and go to My Profile.
4. Input payload <script>alert(document.domain)</script> and the XSS gets popped.

PROOF
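
The missing sanitization named under DESCRIPTION can be closed in two places: validation when the name is saved and HTML encoding when it is rendered. The following is an added example, not code from the advisory or from the vendor's product; the function names validate_profile_name and html_escape, the character allowlist and the sample names are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the names are assumptions, not the vendor's code.

/** Validate a display name on write: length limit plus a character allowlist. */
function validate_profile_name(string $raw): ?string
{
    $name = trim($raw);
    // Unicode letters, combining marks, space, dot, apostrophe, hyphen; 1 to 64 chars.
    // With /u, invalid UTF-8 makes preg_match() return false, which is also rejected.
    if (preg_match('/^[\p{L}\p{M} .\'\-]{1,64}$/u', $name) !== 1) {
        return null; // reject instead of trying to strip markup out of the value
    }
    return $name;
}

/** Encode a stored value for HTML text or a quoted attribute at output time. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input: the payload from the POC and an ordinary name.
$samples = [
    '<script>alert(document.domain)</script>',
    "Anne-Marie O'Neil",
];

foreach ($samples as $submitted) {
    $accepted = validate_profile_name($submitted);
    echo 'submitted:  ', $submitted, PHP_EOL;
    echo 'validation: ', $accepted === null ? 'rejected' : 'accepted', PHP_EOL;
    // Encode on render even when validation exists: rows saved before the fix,
    // or written through another code path, may still contain markup.
    echo 'rendered:   <span class="profile-name">', html_escape($submitted),
         '</span>', PHP_EOL, PHP_EOL;
}
```

Run from the PHP command line, the script shows the POC payload rejected on write and, if it were already stored, emitted as inert text rather than as a script element.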