This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.
The remote web server contains a Java web application that is affected
by a cross-site scripting vulnerability.
The remote host is running Apache Roller, a multi-user blog server
written in Java.
The version of Apache Roller installed on the remote host fails to
sanitize user input to the 'q' parameter of search requests before
including it in dynamic HTML output. An attacker may be able to
leverage this issue to inject arbitrary HTML and script code into a
user's browser to be executed within the security context of the
See also :
Apply the code fix referenced in revision 668737 from the Subversion
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true