CAcert suffered from a cross site scripting vulnerability when parsing a given X.509 certificate.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/70442/AKLINK-SA-2008-007.txt
Source: https://packetstormsecurity.com/files/70442/AKLINK-SA-2008-007.txt.html