CVE-2018-10128by Jeremyin Security Bulletinson Posted on April 16, 2018 An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php.