1: Just browse this target on any browser
2: Target: http://www.cfptime.org/
3: add any content after For example: this is not available anymore pls check WWW.EVIL.COM because this site
4: Now browser reflect the content or text .
Use Predefined 404 page , with fixed error content
It can be fixed by adding the following to the web server config:
ErrorDocument 404 "File not found."
Application allows users to inject any content on the 404 not found webpage
The issue is not critical , as it is only possible to inject plain text, no links or active content, to the error page.