CVE-2018-8805
Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protectedappsdefaultviewdefaultextend_guestbook.php or protectedappsdefaultviewmobileextend_guestbook.php in an index.php?r=default/column/index&col=guestbook request.
Source: CVE-2018-8805