CheckSec Canopy 3.x prior to 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.
checksec canopy