The host is installed with Apache Archiva and is prone to multiple cross-site scripting vulnerabilities. The flaws are present in the application which fails to properly validate user-supplied input before using it in dynamically generated content. Successful exploitation allows remote attacker to steal cookie-based authentication credentials.