This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
A remote web application is vulnerable to a cross-site scripting
The remote web server hosts struts-examples, a demonstration
application for the Struts framework. Input passed via the 'theText'
POST parameter to the 'upload-submit.do' page is not properly
sanitized before using it to generate dynamic HTML.
By tricking someone into clicking on a specially crafted link, an
attacker may be able exploit this to inject arbitrary HTML and script
code into a user's browser to be executed within the security context
of the affected site.
See also :
Remove or restrict access to the Struts-examples application.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.1
Public Exploit Available : true