The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_files[] to admin/moduleinterface.php.
Published March 20, 2020.
Cmsmadesimple CMS Made Simple