content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page.
getsymphony symphony 2.7.6