This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.
The remote web server uses a JSP framework that is vulnerable to a
cross-site scripting attack.
The remote web server uses an implementation of the Apache MyFaces
Tomahawk JSF framework that fails to sanitize user-supplied input to
the 'autoScroll' parameter before using it to generate dynamic
content. An unauthenticated, remote attacker may be able to leverage
this issue to inject arbitrary HTML or script code into a user's
browser to be executed within the security context of the affected
See also :
Upgrade to MyFaces Tomahawk version 1.1.6 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true