Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
This can be leveraged to gain access to higher-privilege endpoints, e.g. if you get a user with admin privileges to run the code, you can potentially elevate all users and grant them admin privileges or access protected content.