org.apache.isis is vulnerable to cross-site scripting. The vulnerability exists in multiple functions due to incorrectly neutralized user-controllable input allowing an attacker to inject and execute malicious JavaScript.
www.openwall.com/lists/oss-security/2022/10/19/2
blogs.apache.org/isis/entry/apache-isis-version-2-0
github.com/apache/isis/commit/33de85d7e40a01f120d8de2adf04d47687362bdd
github.com/apache/isis/commit/342255124635013194f63c41a7639f979b3340e8
github.com/apache/isis/commit/342255124635013194f63c41a7639f979b3340e8
github.com/apache/isis/commit/c6e9b392de073d1050b56d8209b7c3079d58c600
issues.apache.org/jira/browse/ISIS-3240
lists.apache.org/thread/83ftj5jgtv3mbm28w3trjyvd591jztrz
www.openwall.com/lists/oss-security/2022/10/19/2