There are multiple Cross-Site Scripting vulnerabilities on HongCMS 3.0.0 
Vulnerable path: /HongCMS-master/install/index.php
Vulnerable parameters: 
servername
dbname
dbusername 
dbpassword
tableprefix