The host is installed with Apple QuickTime before 7.7.1 and is prone to cross site scripting vulnerability. A flaw is present in the application, which fails to handle HTML documents that contain an http link to a script file. Successful exploitation could allow attackers to inject arbitrary script.