Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27167
http://www.securityfocus.com/bid/18361
http://www.securityfocus.com/archive/1/469825/100/100/threaded
http://www.securityfocus.com/archive/1/436691/30/4500/threaded