Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application.
https://www.exploit-db.com/exploits/49181
http://demo.coastercms.org/homepage/blog
http://demo.coastercms.org/admin/login