CMSReams CMS version 1.3.1.1 B2 suffers from local file inclusion and cross site scripting vulnerabilities.