...
The Apache GERONIMO-1474 vulnerability, reported in January 2006, allowed attackers to submit URLs containing JavaScript. The Web-Access-Log viewer failed to sanitize the data it forwarded to the administrator console, thereby enabling a classic XSS attack.
Related Guidelines
Bibliography
| [OWASP 2008] | How to Add Validation Logic to HttpServletRequest XSS (Cross Site Scripting) Prevention Cheat Sheet |
| [OWASP 2011] | Cross-site Scripting (XSS) |
...