In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
cmsmadesimple cms made simple 2.2.2