No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter.
no-cms project no-cms 1.1.3