Description
Railo is an open-source alternative to the popular ColdFusion application server, implementing a free and open-source CFML engine and application server. Multiple critical vulnerabilities have been reported in this application server. This test has confirmed a cross-site scripting vulnerability in the administration panel.
Remediation
Upgrade to the latest version of Railo.