The host is installed with Oracle Java SE 5 Update 17 or earlier, 6 Update 12 or earlier or 1.4.2_19 or earlier and is prone to cross-site scripting vulnerability. A flaw is present in the applications, which fails to properly handle unknown vectors related to LiveConnect. Successful exploitation allows user-assisted attackers to bypass intended access restrictions.