Cyclos 4 PRO is a web server. a cross-site scripting vulnerability exists in Cyclos 4 PRO version 4.14.7 and earlier, which stems from a failure to validate user input during error notification. A remote, unauthenticated attacker could execute javascript code via undefine enumeration constants.