WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

By admin