Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/8197
http://www.securityfocus.com/bid/4112