BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI.