WWWISIS Lang Parameter Cross-Site Scripting Vulnerability

WWWISIS Lang Parameter Cross-Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

The following proof-of-concept URI is available:

http://www.example.com/cgi-bin/wxis.exe/iah/?IsisScript=iah/iah.xis&base=article%5Edlibrary&fmt=iso.pft&lang=<xss>