OFCMS is a content management system (CMS) developed by China Zhongtian Network Technology Company using Java language. v1.1.4 of OFCMS has a cross-site scripting vulnerability, which originates from the component /admin/comn/service/update.json lack of data validation filtering for user-supplied data and output data. An attacker could use this vulnerability to execute JavaScript code.