A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.
https://cert-portal.siemens.com/productcert/pdf/ssa-712690.pdf