An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.
https://packetstormsecurity.com/files/157099/Vanguard-2.1-Cross-Site-Scripting.html