An issue exists in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen.
victor cms project victor cms