Posted by SEC Consult Vulnerability Lab on May 15The following CVE numbers have been assigned now:
XSS issue: CVE-2018-11090
Arbitrary File Upload: CVE-2018-11091

http://seclists.org/bugtraq/2018/May/39