This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote host is running a web application that is affected by
multiple cross-site scripting vulnerabilities.
The web application on the remote host is vulnerable to cross-site
scripting attacks. This is likely due to a vulnerable version of
Apache Struts that fails to properly encode the parameters in the
's:a' and 's:url' tags.
A remote attacker could exploit this by tricking a user into
requesting a page with arbitrary script code injected. This could have
consequences such as stolen authentication credentials.
See also :
Upgrade to Struts version 2.1.1 / 220.127.116.11 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true