Cross Site Scripting Vulnerability through the use of Statics Script in FeehiCMS-2.1.1

[githubmof]

The steps to reproduce.

Login to the website backend as admin, go to "Setting" - "Website Setting"

In the "Statics Script" code field, write some attack code，just like <script>alert(1);</script>

Success after saving

Return to the front-end homepage and discover that the XSS attack has been successful