Cross-site scripting (XSS) vulnerability in Under Construction, Baby (UCB) PC2M 0.9.22.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/49227
http://www.rcdtokyo.com/pc2m/note/archives/i000854.php