A stored xss in tianma-static module versions <=1.0.4 allows an malicious user to execute arbitrary javascript.
tianma-static project tianma-static