CVE-2020-20285

There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php