🛒 sekumartdeals so good it should be illegal
security level: low medium high impossible

Source: reviews (security level: low)

Flip the security level in the header to compare the vulnerable and fixed code paths.

<?php
// LOW: review author/body rendered verbatim -> STORED XSS
function render_review($r) {
    echo "<div class='review'><b>" . $r['author'] . "</b> on <i>" . $r['pname'] . "</i><p>" . $r['body'] . "</p></div>";
}
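
For comparison with the LOW handler above, here is an added example of an output-encoded version. It is not the application's own code for the higher levels. The names `e()` and `render_review_encoded()` and the sample row are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened counterpart of render_review().
// Every value is HTML-encoded at output time, so markup stored in a
// review is displayed as text instead of being parsed by the browser.

// Encode a value for an HTML text node or a quoted attribute value.
function e($value): string {
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Returns the markup instead of echoing it, so callers can inspect it.
function render_review_encoded(array $r): string {
    // pname is encoded as well: it is stored data, and the LOW handler
    // emits it with the same lack of encoding as author and body.
    return "<div class='review'><b>" . e($r['author'] ?? '') . "</b> on <i>"
         . e($r['pname'] ?? '') . "</i><p>" . e($r['body'] ?? '') . "</p></div>";
}

// Constructed sample row, shaped like the $r array the LOW handler receives.
$row = [
    'author' => "O'Neil <b>admin</b>",
    'pname'  => 'USB cable "2m"',
    'body'   => '<script>alert(1)</script> Works fine & arrived early.',
];

$html = render_review_encoded($row);

// None of the stored markup survives as live tags in the response.
if (strpos($html, '<script>') !== false || strpos($html, '<b>admin') !== false) {
    throw new RuntimeException('stored markup reached the page unencoded');
}

echo $html, PHP_EOL;
```

Encoding at output rather than at storage keeps the database contents unchanged and lets each sink (HTML body, attribute, JSON, CSV export) apply the encoding its own context requires.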