joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter.

References
https://github.com/joyplus/joyplus-cms/issues/429