#29199 XSS vulnerability in /jsp/openapi/server/displayAPISpec.jsp

enhancement

minor

#28915

Update GWT to version 2.12

defect

critical

#29199

XSS vulnerability in /jsp/openapi/server/displayAPISpec.jsp

major

#28674

Security issues in the UMLJS project

#29107

StackOverflowError when rolling back in the transaction monitor

minor

#27850

Modelleditor swallows classification with a less-than sign in the name

#29112

Update minimatch and serialize-javascript to fix CVE-2026-27903, CVE-2026-27904, and GHSA-5c6j-r48x-rmvq

#29197

Eclipse error after dependency update: maven-jar-plugin 3.5.0 causes "outside of a scoping block" error in m2e

update

critical

#29110

Update dependency com.fasterxml.jackson.core:jackson-core to v2.21.1 [SECURITY]

defect

critical

#29199

XSS vulnerability in /jsp/openapi/server/displayAPISpec.jsp

SecurityIssue XSS

In /jsp/openapi/server/displayAPISpec.jsp, a parameter is passed unquoted directly into a JavaScript string literal. An attacker can thus execute any JavaScript.

There are also some JSPs that write unquoted request parameters to the JSP.