A File upload vulnerability in WBCE v.1.6.1 allows a local malicious user to upload a pdf file with hidden Cross Site Scripting (XSS).
wbce wbce cms 1.6.1