Evolution CMS is an open source PHP-based content management system (CMS). Evolution CMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the uid parameter, which can be exploited by an attacker to execute arbitrary Web script or HTML by injecting a carefully crafted payload.