The remote Fedora host is missing a security update.
This update fixes a potential XSS vulnerability. A malicious user would need push access to the git server in order to exploit this issue. Refer to the cgit mailing list for : Numerous minor bugs are also fixed. For details, refer to the upstream release announcements for 0.9.0.1 and 0.9.0.2. http://hjemli.net/pipermail/cgit/2011-July/000276.html http://hjemli.net/pipermail/cgit/2011-June/000183.html http://hjemli.net/pipermail/cgit/2011-July/000273.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.