<<< Date Index >>>     <<< Thread Index >>>

404 error XSS



The following web servers do not properly sanitize their output when
returning a 404 resource not found error which could be used in a XSS
attack:
Orion 1.3.8 Orion 1.4.5 CompaqHTTPServer 2.1

PoC: http://localhost/<script>alert('XSS')</script>

--
 - Josh