An issue exists in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an malicious user to perform an action on behalf of the user, exfiltrate data, and so on.