An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path.
A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 in guestbook via the message board, which could let a remote malicious user execute arbitrary code.