Website background XSS_Site name

[crow821]

After installing xino-pro4 After 1.2, there is a storage XSS on the left side of the bottom of the background setting

Then in http://127.0.0.1/xiuno/admin/ Continue to log in to the administrator background and http://127.0.0.1/xiuno/admin/?setting -base. Htm setting page custom setting information: in the site name interface, modify the site name to Use the same method to access http://127.0.0.1/xiuno/ , and close the browser cache and refresh the page. At this time, the XSS code is executed successfully: