Cisco has published a security advisory that states that they have discovered two vulnerabilities, an XSS and an HTML injection vulnerability. These vulnerabilities existed in the SPA500 series of the Cisco Small Business IP Phones.
Source: GBHackers