source: https://www.securityfocus.com/bid/13127/info
XAMPP is prone to multiple remote HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before including it in dynamically generated web content.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, which may help the attacker steal cookie-based authentication credentials and launch other attacks.
http://www.example.com/xampp/phonebook.php?lastname=Cru3l.b0y&firstname=&phone=