EIP-2026-118791

This is a writeup describing a cross-site scripting (XSS) vulnerability in Microsoft IIS where long URLs ending in .idc are reflected unsanitized in error pages. The advisory lacks actual exploit code but provides a technical description of the issue.