Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post.
cotonti cotonti siena 0.9.20