LeptonCMS is a content management system (CMS). A cross-site scripting vulnerability exists in LeptonCMS version 4.7.0, which stems from the lack of effective filtering and escaping of user-supplied data in the backend/pages/modify.php file, which can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload.