WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. cross-site scripting vulnerability exists in WBCE CMS 1.5.4 and previous versions, which stems from the lack of effective filtering and escaping of user-supplied data in the Footer field of the Search Settings module, which can be exploited by attackers to launch cross-site scripting attacks.