GUnet Open eClass (aka openeclass) prior to 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.
gunet open eclass platform