Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.
Published May 22, 2020.
Gilacms Gila CMS