Concrete CMS (previously concrete5) in versions 9.0 up to and including 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files.
concretecms concrete cms