Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting XSS attacks via a 1 line separator or 2 paragraph separator Unicod...