[SECURITY] XSS in template tools on root page