ganglia-web (aka Ganglia Web Frontend) up to and including 3.7.5 allows XSS via the header.php ce parameter.
ganglia ganglia-web