Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810.
http://www.securitytracker.com/id/1032423
http://tools.cisco.com/security/center/viewAlert.x?alertId=39015