Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.
modx evolution cms