Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280.