Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files.
https://gist.github.com/thedroidgeek/0a9b8189b74f968b5d7b84ec12b8f8f5