XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.
jpress jpress 1.0.4