SQLi and XSS vulnerability found in Yale University by Zer0Pwn

The GreyHat hacker 'Zer0Pwn ‏' has discovered Cross site scripting as well as Sql injection vulnerability in the Yale University website.  We are not providing the SQL injection vulnerable link for security issue. 

The POC for xss vulnerability:
http://bioinfo.mbb.yale.edu/genome/worm/search.cgi?orf=B0244.9%3Cscript%3Ealert%28%22Zer0Pwn%22%29%3C/script%3E