Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP error page generation for certificate errors.