Atstake Security Advisory A091503-1 – The Nokia Electronic Documentation product has three vulnerabilities. A cross-site scripting vulnerability allows an attacker to run malicious code if javascript is enabled. A directory listing of the web root is available by supplying the underlying webserver with a period. NED can also be inadvertently used as an HTTP proxy server.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/31652/a091503-1.txt
Source: https://packetstormsecurity.com/files/31652/Atstake-Security-Advisory-03-09-15.1.html