Subrion CMS 4.2.1 allows _core/en/contacts/ XSS via the name, email, or phone parameter.
intelliants subrion cms 4.2.1