VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ
form validation endpoint output.
This results in a reflected cross-site scripting (XSS) vulnerability.
VncViewer Plugin 1.8 escapes the parameter value in the output.