An issue exists in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.
ucms project ucms 1.4.6