An issue exists in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI.
laobancms laobancms 2.0