Frog CMS 0.9.5 allows XSS via the forgot password page (aka the /admin/?/login/forgot URI).
frog cms project frog cms 0.9.5