gnat / nc-cms

:bulb: Embeddable, lightweight, simple PHP CMS. Content Management System.

Home Page: http://nconsulting.ca/nc-cms

nc-cms Cross Site Scripting

Marblue opened this issue

Hello, I found that this CMS may have a security problem.
You can edit your HTML at http://localhost/nc-cms/nc-cms/index.php?action=edit_html&name=home_content
and you can input any evil JS you want.

@Marblue Are students simply being told to go around to projects including TinyMCE and open issues like these?

It's by design, my friend. Think about the security context here: The user would already need administrator privileges to access this form. If they want to add some JavaScript, they should be able to.

Closing, won't fix for reasons above.
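The access-control argument in the maintainer's reply, as an added PHP illustration that is not nc-cms's own code: the raw-HTML editor is only reachable inside an administrator session, and the stored block is deliberately left unfiltered. Function names, the `nc_admin` session flag, the content-name whitelist and the temp-file storage are assumptions.

```php
<?php
// Added illustration of the trust boundary described above; not nc-cms's own
// code. Function names, the session key and the storage path are assumptions.
declare(strict_types=1);

const CONTENT_NAMES = ['home_content', 'about_content']; // constructed whitelist

function is_admin_session(array $session): bool
{
    // Assumption: the login handler sets this flag only after a successful admin login.
    return ($session['nc_admin'] ?? false) === true;
}

function content_path(string $name): string
{
    return sys_get_temp_dir() . '/nc_demo_' . $name . '.html';
}

function handle_edit_html(array $get, array $post, array $session): array
{
    // The raw-HTML editor is reachable only inside an admin session; anyone
    // else is refused before a content name is even looked at.
    if (!is_admin_session($session)) {
        return ['status' => 403, 'body' => 'Forbidden'];
    }
    $name = $get['name'] ?? '';
    if (!in_array($name, CONTENT_NAMES, true)) {
        return ['status' => 400, 'body' => 'Unknown content block'];
    }
    if (isset($post['content'])) {
        // Stored verbatim on purpose: an administrator is trusted to place
        // <script> tags. The security decision is the login, not output filtering.
        file_put_contents(content_path($name), $post['content']);
        return ['status' => 302, 'body' => 'Saved'];
    }
    $current = @file_get_contents(content_path($name)) ?: '';
    // Inside the editor's textarea the block must be entity-encoded, otherwise a
    // literal </textarea> in the stored content would break the editor page.
    $body = '<form method="post"><textarea name="content">'
          . htmlspecialchars($current, ENT_QUOTES, 'UTF-8')
          . '</textarea><button>Save</button></form>';
    return ['status' => 200, 'body' => $body];
}

// Demo with constructed inputs: no admin session, so the request is refused.
$denied = handle_edit_html(['action' => 'edit_html', 'name' => 'home_content'], [], []);
echo $denied['status'], ' ', $denied['body'], "\n";
// Same request inside an admin session reaches the editor form.
$ok = handle_edit_html(['action' => 'edit_html', 'name' => 'home_content'], [], ['nc_admin' => true]);
echo $ok['status'], "\n";
```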