Cross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/91792
http://www.arcticdesk.com/support/announcements/arcticdesk-v1-2-5-maintenance-release-18.html