FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Pubcookie Login Server -- XSS vulnerability

Affected packages
pubcookie-login-server < 3.3.2d

Details

VuXML ID: 115a1389-858e-11e0-a76c-000743057ca2
Discovery: 2007-05-25
Entry: 2011-05-23

Nathan Dors, Pubcookie Project reports:

A new non-persistent XSS vulnerability was found in the Pubcookie login server's compiled binary "index.cgi" CGI program. The CGI program mishandles untrusted data when printing responses to the browser. This makes the program vulnerable to carefully crafted requests containing script or HTML. If an attacker can lure an unsuspecting user to visit carefully staged content, the attacker can use it to redirect the user to his or her local Pubcookie login page and attempt to exploit the XSS vulnerability.

References

URL: http://pubcookie.org/news/20070606-login-secadv.html