Following on the issue identified in ACCUMULO-4660, I verified that parameters to the REST-based monitor (ACCUMULO-3005) resources need sanitization as well.
All @PathParam and @QueryParam annotated fields should be sanitized.
Convert the monitor into a real REST server
New Monitor Validation fails for default tables
Trace servlet on monitor doesn't sanitize URL data
GitHub Pull Request #289