CVE-2019-1010030

https://www.phpscriptsmall.com/product/website-seller-script/ Website Seller Script 2.0.3 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Get user and administrator’s cookie (login credentials). The component is: user_submit.php?upd=2. The attack vector is: <img src=x onerror=alert(document.cookie) />.

Source: CVE-2019-1010030