Authentix is a webpage protection tool that uses IIS and NT user names as a backend. You can read more about the product here: http://www.flicks.com/flicks/authx.htm. To me, it seems like a very antiquated tool, but apparently it is still used in production environments.
The vulnerability occurs within the remote administration webpage while editing user accounts. After logging in, browse to the delete user admin page at: https://server.site.com/scripts/aspadmin/deleteUserSelect.asp
This page allows you to enter the user name of the user you wish to delete.
And here on the webpage:
(This code was taken from http://ha.ckers.org/xss.html which is a very nice XSS cheat-sheet).
This URL works nicely:
This works on several other pages as well, including some that are persistent. I have only tested to see whether a few other pages are vulnerable, but the entire site appears to be a bit outdated, especially from a design standpoint. I have emailed the company again (they have been contacted previously about this) and, if I receive a response, will include it here.