CVE-2018-16725

An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component." > MITRE Terms of Use apply – see LICENSE‑MITRE.txt