Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.
http://www.securityfocus.com/bid/3799
http://www.iss.net/security_center/static/7817.php