CVE-2019-14228
Xavier PHP Management Panel 3.0 is affected by a Reflected POST-based XSS in the username parameter during new user registration via admin/includes/adminprocess.php. The XSS reflects on the error page when registration fails, and the vulnerability is exacerbated by the absence of CSRF protection ...