*Google dork description: *Xitami servers distributed with a script for
testing server-side includes, '/testssi.ssi'. This script is vulnerable to
a cross-site scripting issue when sent a request with a malformed Host or
User-Agent header. An attacker may exploit this flaw the steal the
authentication credentials of third-party users.
*Google Search: *inurl:"/testssi.ssi"
*Submitted by:* Alfie_the-infosec_