Multiple Possible XSS vulnerabilities #30

enferas opened this issue Dec 27, 2022 · 0 comments
enferas commented Dec 27, 2022

Hello,

I would like to report some XSS vulnerabilities.

For example,

In file hr-payroll-master\application\controllers\Logistice.php

    public function Add_Assets_Category(){
        if($this->session->userdata('user_login_access') != False) {
            $id = $this->input->post('catid');
            $cattype = $this->input->post('cattype');
            $catname = $this->input->post('catname');
            $this->load->library('form_validation');
            $this->form_validation->set_error_delimiters();
            $this->form_validation->set_rules('catname', 'Category name', 'trim|required|min_length[1]|max_length[220]|xss_clean');

            //...
            $data = array(
                'cat_name' => $catname,
                'cat_status' => $cattype
            );
            $success = $this->logistic_model->Add_Assets_Category($data);
            //...
        }
        //...
    }

We see that cat_name is validated against XSS, but cat_status is not validated.
Then it is saved in the DB, in file hr-payroll-master\application\models\Logistic_model.php

    public function Add_Assets_Category($data){
        $this->db->insert('assets_category',$data);
    }

Then in file

    public function Assets_Category(){
        if($this->session->userdata('user_login_access') != False) {
            $data=array();
            $data['catvalue'] = $this->project_model->GetAssetsCategory();
            $this->load->view('backend/assets_category',$data);
        }
        //...
    }

In file hr-payroll-master\application\models\Project_model.php

    public function GetAssetsCategory(){
        $sql = "SELECT * FROM `assets_category`";
        $query=$this->db->query($sql);
        $result = $query->result();
        return $result;
    }

Finally, cat_status is printed in the view 'backend/assets_category'.

    <?php foreach($catvalue as $value): ?>
      <tr>
          <td><?php echo $value->cat_id; ?></td>
          <td><?php echo $value->cat_status ?></td>
          <td><?php echo $value->cat_name; ?></td>
          <td class="jsgrid-align-center ">
              <a href="" title="Edit" class="btn btn-sm btn-info waves-effect waves-light AssetsModal" data-id="<?php echo $value->cat_id; ?>"><i class="fa fa-pencil-square-o"></i></a>
          </td>
      </tr>
    <?php endforeach; ?>
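The issue above traces a stored-XSS path: `cattype` is taken from the request with no validation, stored as `cat_status`, and later echoed into HTML without encoding. The following is an added example, not code from hr-payroll-master or from the reporter, showing the two fixes a defender would apply on that path: an allowlist check on `cattype` before it is stored, and HTML escaping of every value when the view renders it. The `xss_clean` rule applied to `catname` is an input filter; it does not replace output encoding, which is what actually stops the browser from interpreting stored data as markup. The allowed status values, the `normalizeCatStatus`, `e` and `renderRow` helpers, and the sample rows are all assumptions constructed for this example; `htmlspecialchars` stands in for CodeIgniter's `html_escape()` so the script runs without the framework.

```php
<?php
// Added example (not part of hr-payroll-master): hardened handling of the
// cattype / cat_status value along the path described in the issue.
declare(strict_types=1);

// Assumed set of legitimate status values; adjust to the real schema.
const ALLOWED_CAT_STATUS = ['active', 'inactive'];

/**
 * Input-side fix: instead of trusting $this->input->post('cattype') as-is,
 * accept only values from the allowlist. Returns null for anything else so
 * the controller can reject the request before touching the database.
 */
function normalizeCatStatus(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $value = strtolower(trim($raw));
    return in_array($value, ALLOWED_CAT_STATUS, true) ? $value : null;
}

/**
 * Output-side fix: escape every value before it is placed in HTML.
 * This is what CodeIgniter's html_escape() does; htmlspecialchars is used
 * here so the example is self-contained.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Render one row the way backend/assets_category does, but with every
 * field escaped, including the value placed in the data-id attribute.
 */
function renderRow(object $row): string
{
    return '<tr>'
        . '<td>' . e((string) $row->cat_id) . '</td>'
        . '<td>' . e((string) $row->cat_status) . '</td>'
        . '<td>' . e((string) $row->cat_name) . '</td>'
        . '<td class="jsgrid-align-center">'
        . '<a href="" title="Edit" class="AssetsModal" data-id="' . e((string) $row->cat_id) . '">Edit</a>'
        . '</td>'
        . '</tr>';
}

// Constructed sample rows standing in for GetAssetsCategory() output.
// The second row simulates a stored value that contains markup; after
// escaping it must appear as literal text, not as an HTML tag.
$rows = [
    (object) ['cat_id' => 1, 'cat_status' => 'active',        'cat_name' => 'Laptops'],
    (object) ['cat_id' => 2, 'cat_status' => '<i>active</i>', 'cat_name' => 'Monitors'],
];

foreach ($rows as $row) {
    echo renderRow($row), PHP_EOL;
}

// Input side, as Add_Assets_Category would apply it before building $data.
// A valid value is normalized; a value carrying markup is rejected (null).
var_dump(normalizeCatStatus('Active'));
var_dump(normalizeCatStatus('<i>active</i>'));
```

In the controller the allowlist check replaces the bare `$this->input->post('cattype')`, and the request is refused when `normalizeCatStatus` returns null. In the view, every `echo` of a row field goes through `html_escape()` (the framework equivalent of `e()` here), which is the change that closes the reported sink regardless of what is already stored in `assets_category`.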