Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.
csphere clansphere 2011.4