XSS in NetIQ Designer for Identity Manager prior to 4.5.3 allows remote malicious users to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.
netiq identity manager