Concrete CMS (previously concrete5) in versions 9.0 up to and including 9.1.3 is vulnerable to Stored XSS via a container name.
concretecms concrete cms