Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php. within application/views/templates/clothesshop, application/views/templates/onepage, and application/views/templates/redlabel.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25093
Reference (s):
- https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/7c3c32d6526268b1c78d6d5741361e79292e9c22