XSS injection vulnerability exists in \templates\m\inc_head.php #8
Description
inc_head.php
<input type="text" id="abc" class="search-txt" value="<?php if(isset($_GET['q'])) echo $_GET['q'];?>" />
$_GET['q'] not filtered
so we can use ?q="><script>alert(1)</script>
