source: https://www.securityfocus.com/bid/20838/info iPlanet Messaging Server Messenger Express is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary JavaScript in the victim's browser.