WBCE CMS is an open source content management system (CMS) based on PHP and MySQL.WBCE CMS v1.5.4 and its previous versions have a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the Results Footer field of the Search Settings module, which can be exploited by attackers to inject cross-site code and launch XSS attack.