There are two fields affected by a stored XSS vulnerability.


1. Add new serial code 
2. On the multiline field "Codes to store on the server" enter the payload: <td></td><script>alert(1)</script><td></td>
3. Press "Store codes"
4. Go back to the and see the XSS happening. 


1. Add new code list category 
2. On the multiline field "Name" enter the payload: <td></td><script>alert(2)</script><td></td>
3. Go back to the plugin settings and see the XSS.