Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an IMG element within a URI.
open-audit open-audit 2.1