[eluser]tmountain[/eluser]
Running an automated security scanner on my CI application produces the following:
The value of the csrf_cookie cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a38fc">[removed]alert(1)< /script>ede65226261 was submitted in the csrf_cookie cookie. This input was echoed unmodified in the application's response.
It seems that the csrf_cookie that CI automatically adds to the form is vulnerable to XSS. I'm running CI version 2.1.0.
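
The finding above describes a cookie value written into a double-quoted attribute without escaping. The following is an added example, not part of the original post and not CodeIgniter's own code, showing that pattern next to a hardened version. The function names, the field name `csrf_token`, and the 32-hex-character token format are assumptions made for illustration.

```php
<?php
// Added illustration; all function names here are hypothetical.

// Unsafe pattern: the cookie value is placed in a double-quoted attribute
// unmodified, which is the behaviour the scanner reported.
function csrf_field_unsafe(string $name, string $cookieValue): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $cookieValue . '" />';
}

// Defence 1: never trust the cookie's shape. Accept only values that look
// like a token this application would have issued (assumed: 32 lowercase
// hex characters); anything else is replaced with a fresh random token.
// A real application would also re-send the cookie with the new value.
function csrf_token_from_cookie(string $cookieValue): string
{
    if (preg_match('/\A[0-9a-f]{32}\z/', $cookieValue) === 1) {
        return $cookieValue;
    }
    return bin2hex(random_bytes(16));
}

// Defence 2: escape at the point of output, so that a double quote or an
// angle bracket can never terminate the attribute or open a new tag.
function csrf_field_safe(string $name, string $cookieValue): string
{
    $token = csrf_token_from_cookie($cookieValue);
    return '<input type="hidden" name="'
        . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
        . '" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8')
        . '" />';
}

// Constructed sample input: a cookie value carrying a double quote and markup.
$tampered = 'a38fc"><b>x</b>';
$wellFormed = str_repeat('ab', 16); // constructed, matches the assumed format

echo csrf_field_unsafe('csrf_token', $tampered), PHP_EOL;  // attribute is broken out of
echo csrf_field_safe('csrf_token', $tampered), PHP_EOL;    // tampered value discarded
echo csrf_field_safe('csrf_token', $wellFormed), PHP_EOL;  // valid token passes through
```

Either defence alone closes the reflection; applying both means the form field stays safe even if the token format check is later loosened.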