DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.
dedecms dedecms 5.7