This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
A web application running on the remote Windows host has a cross-site
The version of Remote Desktop Web Access running on the remote host
has a reflected cross-site scripting vulnerability. Input to the
'ReturnUrl' parameter of login.aspx is not properly sanitized.
A remote attacker could exploit this by tricking a user into
requesting a maliciously crafted URL, resulting in arbitrary script
See also :
Microsoft has released a patch for Windows 2008 R2.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true