Within the Admin Dashboard -> Settings -> Election -> "message if election is closed" there is improper input sanitization allowing a XSS to be performed on any user who vist's the page
Software: eLection Vendor: "fauzantrif" Version: 2.0 https://sourceforge.net/projects/election-by-tripath/
Status: CVE-2020-9336