A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the βError Logβ page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the βCron Jobsβ functionality of Webuzo.