ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter.Referenceshttps://github.com/thinksaas/ThinkSAAS/issues/16
