Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.Referenceshttp://www.securityfocus.com/bid/954http://www.osvdb.org/1212
