An issue exists in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter.
laobancms laobancms 2.0