There is a XSS vulnerability that can execute javascript

[coalzhao]

Founded in your demo site.
https://demo.gleezcms.org/media/imagecache/resize/20x20//
Visit this address with Firefox browser and it shows a forbidden page

Then insert the payload

<script>alert(1)</script>

then u can see this page alert 1 at once.

Obviously, some js code can be executed.

[sandeepone]

Thank you. I'll look into it