CVE-2019-16657

TuziCMS 2.0.6 has XSS via the PATH_INFO to a group URI, as demonstrated by index.php/article/group/id/2/.
Source: NIST
CVE-2019-16657