The host is installed with Apache Continuum or Apache Archiva and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications which is caused by improper validation of user-supplied input. Successful exploitation allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table.