Xiuno BBS is an open source PHP and MySQL-based forum program. Xiuno BBS is vulnerable to a cross-site scripting vulnerability that originates from the product/admin/?setting-base.htm page failing to properly handle data in the sitename field. An attacker could execute client-side code through this vulnerability.