WBCE CMS is an open source content management system (CMS) based on PHP and MySQL.WBCE CMS v1.5.4 and previous versions have a cross-site scripting vulnerability, which stems from the lack of effective filtering and escaping of user-supplied data in the Source field of the Modify Page module, which can be exploited to inject cross-site code and launch XSS attacks.