Cisco released a fix for the medium impact vulnerability found on CommPilot Application Software, allowing cross-site scripting against the user interface. The Cisco BroadWorks CommPilot Application allows authenticated users to upload configuration files on the platform.
Source: GBHackers