Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page.Referenceshttps://github.com/leanote/leanote/issues/822
