dayrui FineCms 5.2.0 prior to 2017.11.16 has Cross Site Scripting (XSS) in core/M_Controller.php via the DR_URI field.
finecms finecms 5.2.0