CVE-2018-5687by Jeremyin Security Bulletinson Posted on January 14, 2018 NewsBee allows XSS via the Company Name field in the Settings under admin/admin.php.