https://www.exploit-db.com/exploits/21926
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-661

AuthoriaHR的athcgi.exe存在跨站脚本（XSS）漏洞。远程攻击者借助command参数注入任意web脚本或者HTML。

source: http://www.securityfocus.com/bid/5932/info

Authoria HR Suite is prone to cross-site scripting attacks.

An attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. If this link is visited by a web user, the attacker-supplied code will be rendered in their browser, in the security context of the vulnerable site.

https://www.example.com/path.to/cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('test!');a=[['

来源:BID
名称:5932
链接:http://www.securityfocus.com/bid/5932
来源:BUGTRAQ
名称:20021009XSSinAuthoriaHRSuite
链接:http://www.securityfocus.com/archive/1/294624
来源:XF
名称:authoria-hr-athcgi-xss(10324)
链接:http://www.iss.net/security_center/static/10324.php