Hello, I have located an HTML injection in the symbol field:
Steps:
1 - Log in as administrator
2 - Go to Options
3 - Go to Currencies
4 - Insert the HTML code in the symbol field. By inserting the following payload I was able to redirect the user to a malicious site: <a href="http://evil.com">CLICK ME</a>
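
An added example, not code from the application in the report: the two controls that close this kind of stored HTML injection in a currency symbol field, an allowlist check when the value is saved and HTML encoding when it is rendered. All function names, the 8-character limit and the allowed character set are assumptions made for illustration.

```python
import html
import unicodedata

MAX_SYMBOL_LEN = 8  # assumed limit; real symbols such as "$", "kr", "R$", "CHF" are short

# Payload quoted in the report above, used here only as test input
REPORTED_PAYLOAD = '<a href="http://evil.com">CLICK ME</a>'


def validate_currency_symbol(value: str) -> str:
    """Input-side check: accept only short strings made of currency signs,
    letters, dots and spaces. Raises ValueError for anything else."""
    symbol = unicodedata.normalize("NFC", value).strip()
    if not 1 <= len(symbol) <= MAX_SYMBOL_LEN:
        raise ValueError("currency symbol must be 1-%d characters" % MAX_SYMBOL_LEN)
    for ch in symbol:
        cat = unicodedata.category(ch)
        # Sc = Unicode currency signs, L* = letters; '<', '>', '"', '=' and '/' all fail here
        if not (cat == "Sc" or cat.startswith("L") or ch in ". "):
            raise ValueError("character %r not allowed in a currency symbol" % ch)
    return symbol


def render_price_unsafe(amount: str, symbol: str) -> str:
    # Vulnerable pattern: the stored value is concatenated into markup unescaped
    return '<span class="price">' + symbol + " " + amount + "</span>"


def render_price(amount: str, symbol: str) -> str:
    # Output-side fix: encode at the point of output, even for values that
    # passed validation, so rows stored before the fix are also neutralised
    return '<span class="price">{} {}</span>'.format(
        html.escape(symbol, quote=True), html.escape(amount, quote=True))


if __name__ == "__main__":
    for candidate in ["$", "R$", "CHF", REPORTED_PAYLOAD]:
        try:
            print("accepted:", validate_currency_symbol(candidate))
        except ValueError as exc:
            print("rejected:", exc)
    print(render_price_unsafe("10.00", REPORTED_PAYLOAD))
    print(render_price("10.00", REPORTED_PAYLOAD))
```

Encoding on output is the control that matters for values already in the database; the input check only stops new ones from being stored.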