Symptoms

We created a smartobject with a text and memo field and created a list view using that smartobject. We then added a couple of rows to the smartobject and saved java script into the memo field.

When you use quick search to search for anything in the text field, it executed the java script in the memo field.
 

Diagnoses

We were able to reproduce the issue with relative ease. This was a security vulnerability in smartform.
 

Resolution

We send the ticket to the sustained engineering team and they gave us a cold-fix. After applying the cold-fix, the jscript did not execute anymore. If you run into this issue, please log a support ticket and request the fix.