An issue exists in DouCo DouPHP 1.5 20181221. admin/product.php?rec=update has XSS via the name parameter.
douco douphp 1.5