Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter.
https://github.com/typecho/typecho/issues/1535
https://github.com/typecho/typecho/commit/f9ede542c9052ba22a6096d8412e2f02d9de872b