Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.
https://exchange.xforce.ibmcloud.com/vulnerabilities/29295
http://www.vupen.com/english/advisories/2006/3888
http://www.securityfocus.com/bid/20275
http://www.securityfocus.com/archive/1/447397/100/0/threaded