The host is installed with Microsoft Windows Server 2008 R2 or Microsoft Windows Server 2008 R2 SP1 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in Remote Desktop Web Access which fails to properly validate a URL parameter. Successful exploitation allows remote attackers to disclose information or execute arbitrary code.