An issue exists in Gentics CMS prior to 5.43.1. There is stored XSS in the profile description and in the username.
gentics gentics cms