The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS.