Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat.
https://exchange.xforce.ibmcloud.com/vulnerabilities/77567
http://www.securitytracker.com/id?1027402