A security vulnerability exists in TaleLin Lin-CMS-Flask, a content management system framework, due to cross-site scripting (XSS) in Lin-CMS-Flask, which can be exploited by remote attackers to execute arbitrary code by entering a script in the Username parameter to execute arbitrary code.