There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php
zzcms zzcms 2019