IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation . IceCMS v1.0.0 version exists cross-site scripting vulnerability, the vulnerability stems from the application of the user-supplied data lack of effective filtering and escaping, an attacker can exploit the vulnerability by injecting a well-designed payload to execute arbitrary Web script or HTML.