CVE-2018-5687

NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.