XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions
This package does not perform appropriate encoding when a <h:outputText> tag or EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.