74cms is a PHP and MySQL-based online recruitment system from China Xunyi Technology. 74cmsSE version v3.5.1 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output from path/job. An attacker could exploit this vulnerability to execute JavaScript code on the client side.