DomainMOD up to and including 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
domainmod domainmod