Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information.
https://help.untis.at/hc/en-150/articles/360008456699
https://robin.meis.space/2020/03/11/notenmanipulation-in-elektronischen-klassenbuchern/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22453