Navigate CMS has Stored XSS via the navigate.php Title field in an edit action.
naviwebs navigate cms -