...
Failure to encode or escape output before it is displayed or passed across a trust boundary can result in the execution of arbitrary code.
...
Related Vulnerabilities
The Apache GERONIMO-1474 vulnerability, reported in January 2006, allowed attackers to submit URLs containing JavaScript. The Web-Access-Log viewer failed to sanitize the data it forwarded to the administrator console, thereby enabling a classic XSS attack.
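The log-viewer pattern described above, as an added example (not code from the original page or from Apache Geronimo): a constructed access-log entry rendered into an HTML table row without and with HTML encoding at the point of output. The class name, method names and sample entries are assumptions made for illustration.

```java
import java.util.List;

public class AccessLogView {
    // Encode the five characters that are significant in HTML text and quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // 'Before': the requested URL from the log is concatenated into markup as-is,
    // so markup characters in the URL become part of the console page.
    static String renderRowUnsafe(String host, String url) {
        return "<tr><td>" + host + "</td><td>" + url + "</td></tr>";
    }

    // 'After': every log-derived field is encoded where it crosses into HTML.
    static String renderRowSafe(String host, String url) {
        return "<tr><td>" + escapeHtml(host) + "</td><td>" + escapeHtml(url) + "</td></tr>";
    }

    public static void main(String[] args) {
        // Constructed sample entries: {remote host, requested URL}.
        List<String[]> entries = List.of(
            new String[] {"192.0.2.10", "/console/index.html?a=1&b=2"},
            new String[] {"192.0.2.77", "/x?<script>alert(1)</script>"});
        for (String[] e : entries) {
            System.out.println("unsafe: " + renderRowUnsafe(e[0], e[1]));
            System.out.println("safe:   " + renderRowSafe(e[0], e[1]));
        }
    }
}
```

This encoder covers HTML element content and quoted attribute values only; values written into URLs, script blocks or CSS need the encoder for that context.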
Related Guidelines
MITRE 2009 | CWE-116, Improper encoding or escaping of output
...