NULLhttpd version 0.5.1 and below is vulnerable to a simple cross-site scripting attack.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/31697/nullhttpd.xss.txt
Source: https://packetstormsecurity.com/files/31697/nullhttpd.xss.txt.html