This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.
The remote web server contains a Java web application that is affected
by a cross-site scripting vulnerability.
The remote host is running Apache Roller, a multi-user blog server
written in Java.
The version of Apache Roller installed on the remote host fails to
sanitize user input to the 'q' parameter of search requests before
including it in dynamic HTML output. An attacker may be able to
leverage this issue to inject arbitrary HTML and script code into a
user's browser to be executed within the security context of the
See also :
Apply the code fix referenced in revision 668737 from the Subversion
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 35299 (apache_roller_q_xss.nasl)
Bugtraq ID: 33110
CVE ID: CVE-2008-6879
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.