Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the «Web Sites > Create > Aliases > Add» screen.
