WBCE CMS is an open source content management system (CMS) based on PHP and MySQL. WBCE CMS suffers from a cross-site scripting vulnerability that stems from the application’s lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload.