The host is installed with Apple Mac OS X or Server 10.10.x through 10.10.4 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle a previously visited web site that is rendered during a Quick Look search. Successful exploitation allows remote attackers to inject arbitrary web script or HTML.