Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia Server CMS (OTSCMS) 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter.
https://www.exploit-db.com/exploits/3283
https://exchange.xforce.ibmcloud.com/vulnerabilities/32324