Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration.
composr project composr