XAMPP is vulnerable to a remote file disclosure attack. It is interesting to see the same programming error lead to another security vulnerability. The vulnerability exists within the web application supplied with XamPP. It can be exploited to perform Cross Site Scripting attacks. The vulnerability has been tested on Windows XP Hebrew, Service Pack 3.3 and prior. It is not known if the vulnerability exists in the web applications supplied with the Xampp. It has been reported in the past that the vulnerability is a result of a programming error.
Source: https://thehackernews.com/2010/11/exploit-release-xampp-173-multiple.html