CMS Made Simple up to and including 2.2.14 allows XSS via a crafted File Picker profile name.
cmsmadesimple cms made simple