The system Client doesn't properly sanitise POST parameter, which result into a Stored Cross-Site Scripting(XSS).
https://dolphinphp.com/
https://github.com/caiweiming/DolphinPHP
webraybtl@webray.com.cn inc
1,After the system installation is completed, log in to the background
2,Insert a danger code where the nickname is modified in the personal settings
<script>alert(1);</script>超级管理员
3,Click "user" - > "permission management" - > "user management" to execute the code