In DomainMOD up to and including 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS.
domainmod domainmod