DomainMOD up to and including 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field.
domainmod domainmod