The following web servers do not properly sanitize their output when returning a 404 resource not found error which could be used in a XSS attack:Orion 1.3.8 Orion 1.4.5 CompaqHTTPServer 2.1
PoC: http://localhost/<script>alert('XSS')</script> -- - Josh