EyouCMS <= 1.6.0 exists a reflected-XSS in FileManager component in GET value "activepath" when creating a new file.
eyoucms eyoucms