Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote malicious user to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library.