An issue exists in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter.
laobancms laobancms 2.0