Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows malicious users to run arbitrary code via the header code and footer code fields in code configuration.