WTCMS is a content management system (CMS) based on ThinkPHP.A cross-site scripting vulnerability exists in the WTCMS page management backend. An attacker can exploit the vulnerability to obtain a cookie by entering a specially crafted payload into the search box.