[原文]Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page.
04WebServer contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input upon submission to the Response_default.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Upgrade to version 1.50 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.