This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
A remote web application is vulnerable to a cross-site scripting
The remote web server hosts struts-cookbook, a demonstration
application for the Struts framework. Input passed via the 'message'
parameter to the 'processSimple.do' page is not properly sanitized
before using it to generate dynamic HTML.
By tricking someone into clicking on a specially crafted link, an
attacker may be able exploit this to inject arbitrary HTML and script
code into a user's browser to be executed within the security context
of the affected site.
See also :
Remove or restrict access to the Struts-cookbook application.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true