Another XSS vulnerability in GWC

Description

Running

yields an answer with unescaped HTML:

Looks like the problem is similar to GEOS-7549.

Environment

Tomcat 7, OpenJDK 1.8.0_102

Status

Assignee

Unassigned

Reporter

Juraj Hrubsa

Triage

None

Fix versions

Affects versions

Components

Priority

Medium
Configure