CVE 2019-8290

Vulnerability in Online Store v1.0, The registration form requirements for the member email format can be bypassed by posting directly to sent_register.php allowing special characters to be included and an XSS payload to be injected.

See the CVE page on Mitre.org for more details.