Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote malicious user to run arbitrary code via crafted string in the URL after login.