This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.
The remote web server hosts a web application that is vulnerable to a
cross-site scripting attack.
The remote web server is hosting a version of ViewVC that is affected
by a cross-site scripting vulnerability in the 'search' parameter of
the 'viewvc.cgi' script.
An attacker, exploiting this flaw, could execute arbitrary script code
in a user's browser.
Note that successful exploitation requires the regular expression
search functionality to be enabled. It is not by default.
See also :
Upgrade to ViewVC 1.1.5 / 1.0.11 or later.
Risk factor :
Low / CVSS Base Score : 2.6
CVSS Temporal Score : 2.1
Public Exploit Available : true