Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages."
http://www.securityfocus.com/bid/86546
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160419-01-policycenter-en