Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote malicious user to obtain sensitive information via a crafted article publication request.