The checked_out_to is not escaped, which leads to a XSS problem.
1.Login to the demo account
2.Report->Depreciation Report
3.Choose a Asset and goto Assets menu and check it out. new a location which is '"><img src>
and check the asset to this location
4.Return to Depreciation Report,refresh,a lert will be triggered
'"><img src>