Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script.
https://jvn.jp/en/jp/JVN60140221/
https://downloadvi.com/downloads/IPServer/v7.9/796232/v796232RN.pdf