...
Failure to encode or escape output before it is displayed or passed across a trust boundary can result in the execution of arbitrary code.
Related Guidelines
MITRE 2009 | CWE ID 116, "Improper Encoding or Escaping of Output"
Related Vulnerabilities
The Apache GERONIMO-1474 vulnerability, reported in January 2006, allowed attackers to submit URLs containing JavaScript. The Web-Access-Log viewer failed to sanitize the data it forwarded to the administrator console, thereby enabling a classic Cross-Site Scripting attack.
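The failure pattern described above, shown as an added Java example (not code from the CERT standard or from Apache Geronimo): a log-viewer rendering routine that concatenates a logged URL straight into HTML, beside the same routine with the value HTML-entity-encoded before it crosses the trust boundary to the administrator's browser. The `htmlEncode` helper and the sample log entry are constructed for this illustration.

```java
public final class LogViewerEncoding {

    // Hypothetical helper: HTML-entity-encode the characters that can change
    // the meaning of untrusted text placed in an HTML element body or attribute.
    static String htmlEncode(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Vulnerable rendering: the requested URL taken from the access log is
    // concatenated directly into the HTML page shown to the administrator,
    // so any markup the requester placed in the URL is interpreted by the browser.
    static String renderUnsafe(String loggedUrl) {
        return "<tr><td>" + loggedUrl + "</td></tr>";
    }

    // Hardened rendering: the value is encoded before it is emitted, so the
    // browser displays the logged text instead of executing it.
    static String renderSafe(String loggedUrl) {
        return "<tr><td>" + htmlEncode(loggedUrl) + "</td></tr>";
    }

    public static void main(String[] args) {
        // Constructed sample access-log entry containing markup in the URL.
        String loggedUrl = "/app?q=<script>/* constructed */</script>";
        System.out.println("unsafe: " + renderUnsafe(loggedUrl));
        System.out.println("safe:   " + renderSafe(loggedUrl));
    }
}
```

The encoder must match the output context: the entity set above is for HTML element and attribute content, and a value placed inside a JavaScript block or a URL needs the encoding appropriate to that context instead.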
Bibliography
...
[OWASP 2008] How to add validation logic to HttpServletRequest, XSS (Cross Site Scripting) Prevention Cheat Sheet
[OWASP 2011] Cross-site Scripting (XSS)
...