This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.
The remote host is running a web application that is affected by
multiple cross-site scripting vulnerabilities.
The web application on the remote host is affected by a cross-site
scripting vulnerability due to a vulnerable version of Apache Struts 2
that fails to properly encode the parameters in the 's:a' and 's:url'
A remote attacker can exploit this by tricking a user into requesting
a page with arbitrary script code injected. This could have
consequences such as stolen authentication credentials.
See also :
Upgrade to Struts version 2.1.1 / 22.214.171.124 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true