UCMS v1.6.0 exists to contain a cross-site scripting (XSS) vulnerability via the Import function under the Site Management page.
ucms project ucms 1.6