XiaoCms 20141229 has a cross-site scripting (XSS) issue related to the template\default\show_product.html file.
xiaocms xiaocms 20141229