Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
http://www.securitytracker.com/id?1027926
http://archives.neohapsis.com/archives/bugtraq/2012-12/0146.html