74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology. 74cms version v3.5.1 suffers from a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in path/company. An attacker could exploit the vulnerability to execute JavaScript code on the client side.