source: http://www.securityfocus.com/bid/5603/info

NullLogic Null HTTPd is a small multithreaded webserver for Linux and Windows.

It is possible for attackers to construct a URL that will cause scripting code to be embedded in error pages. As a result, when an innocent user follows such a link, the script code will execute within the context of the hosted site. 

http://localhost/a?x=<SCRIPT>alert(document.URL)</SCRIPT>