Lil' HTTP Server v2.2 Default CGI Form XSS Vulnerability

Description :
Lil' HTTP Server v2.2 comes with some default applications. One of them, the "CGI Form Demo" application, allows you to submit your name and e-mail. There is an XSS vulnerability in the submit application.

Sample :
http://192.168.1.102/pbcgi.cgi?name=%3C%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%2F%2F%3C%3C%2FSCRIPT%3E

Reference :
- http://treasuresec.com [Treasure's Security Blog]
- http://www.summitcn.com/lilhttp/lildocs.html
- http://en.wikipedia.org/wiki/Cross-site_scripting
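
Added example, not the source of pbcgi.cgi (which this advisory does not show): a form handler that writes submitted values into its HTML response, first without output encoding and then with it, run against the sample URL above. It assumes the demo echoes the submitted fields back; the `email` parameter name and all function names are hypothetical.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Request URL copied from the advisory's sample.
SAMPLE_URL = ("http://192.168.1.102/pbcgi.cgi?name=%3C%3CSCRIPT%3Ealert"
              "%28%22XSS%22%29%3B%2F%2F%3C%3C%2FSCRIPT%3E")

PAGE = "<html><body><p>Name: %s</p><p>E-mail: %s</p></body></html>"


def form_fields(url):
    """Return the URL-decoded form fields; 'email' is an assumed parameter name."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {key: query.get(key, [""])[0] for key in ("name", "email")}


def render_unsafe(fields):
    """Assumed vulnerable pattern: decoded input concatenated into the page."""
    return PAGE % (fields["name"], fields["email"])


def render_safe(fields):
    """Hardened: HTML-encode every reflected value, quotes included."""
    return PAGE % (html.escape(fields["name"], quote=True),
                   html.escape(fields["email"], quote=True))


def response_headers():
    """Defence in depth: an explicit charset, plus a CSP that blocks inline
    script if an encoding call is ever missed."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    fields = form_fields(SAMPLE_URL)
    print("decoded name:", fields["name"])
    print("unsafe      :", render_unsafe(fields))
    print("safe        :", render_safe(fields))
    for header, value in response_headers().items():
        print("%s: %s" % (header, value))
```

Encoding belongs at the point of output, in every response path that reflects a form field, so the fix does not depend on filtering particular tags out of the input.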