paintballrefjosh/MaNGOSWebV4 prior to 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
mangoswebv4 project mangoswebv4