Novell ZENworks Configuration Management 11.2
This is fixed in version 11.2.1 - see KB 7010042 "ZENworks Configuration Management 11.2.1 - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7010042
ZCC already implements XSS filters, because of the particular implementation of ZCC, ZCM cannot filter out scripts or other XSS causing tags from request or response. Instead ZCM is escaping these characters using their corresponding ascii values. So these will be shown back in response (as shown by Nessus scan), but they are never executed as part of request or response. It was observed that the ZCM utility servlets like HelpServlet and FileUplaodServlet might not have full filtering implemented (not given in Nessus scan).