Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.
csphere clansphere 2011.4