WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. version 1.5.2 of WBCE CMS contains a cross-site scripting vulnerability that can be exploited by attackers to conduct cross-site scripting (XSS) attacks via /admin/users/save.php.