admin\db\DoSql.php in EmpireCMS up to and including 7.5 allows XSS via crafted SQL syntax to admin/admin.php.
phome empirecms