Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 before iFix 4 and 1.1.0.1 before iFix 3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
https://exchange.xforce.ibmcloud.com/vulnerabilities/89284
http://www.securityfocus.com/bid/66246