This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
A web application on the remote host has a cross-site scripting
The Openfire admin console running on the remote host has a cross-site
scripting vulnerability. Input to the 'username' parameter of
'login.jsp' is not properly sanitized.
An attacker could exploit this by tricking a user into making a
specially crafted POST request, resulting in arbitrary script
execution in the user's browser.
This version of Openfire likely has other vulnerabilities, though
Nessus has not checked for those issues.
See also :
Upgrade to Openfire 3.7.0 beta or later.
Risk factor :
Medium / CVSS Base Score : 4.3