source: https://www.securityfocus.com/bid/9516/info
BRS WebWeaver has been reported prone to a cross-site scripting vulnerability. An attacker may create a malicious link to the vulnerable server that includes embedded HTML and script code. If this link is followed by a victim user, hostile code embedded in the link may be rendered in the user's browser in the context of the server.
Successful exploitation could permit theft of cookie-based authentication credentials or other attacks.
This issue was reported in BRS WebWeaver 1.07. Earlier versions may also be affected.
http://www.example.com/scripts/ISAPISkeleton.dll?<script>alert("Ooops!")</script>
