Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165.
https://exchange.xforce.ibmcloud.com/vulnerabilities/38257
http://www.vupen.com/english/advisories/2007/3717
http://www.securityfocus.com/bid/26328