Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.