This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
A web application running on the remote Windows host has a cross-site
The version of Remote Desktop Web Access running on the remote host has
a reflected cross-site scripting vulnerability. Input to the
'ReturnUrl' parameter of login.aspx is not properly sanitized.
A remote attacker could exploit this by tricking a user into requesting
a maliciously crafted URL, resulting in arbitrary script code
See also :
Microsoft has released a patch for Windows 2008 R2.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true