source: https://www.securityfocus.com/bid/9112/info
A number of cross-site scripting vulnerabilities have been reported for Macromedia Jrun, specifically in the administrative interface. The problem is said to occur due to insufficient sanitization of URI parameters that may be passed to the page by an unauthenticated user.
Successful exploitation of this issue could potentially allow an attacker to steal an administrators authentication credentials, likely leading to further malicious actions taking places.
http://www.example.com:8000/server/<your server>/webserver/webserverlist.jsp?action=start&externalWebServer=DefaultDomain%3aservice%3d<script code>
http://www.example.com:8000/clusterframe.jsp?cluster=<script code>