Right now, Continuum is vulnerable to cross-site scripting. See REDBACK-275 and REDBACK-276.
add validation to prevent XSS attacks in xmlrpc
Applied patch in r1096681 with some modifications:
patch added for XSS vulnerability fixes with UT and Selenium Script
removed c:out inside <input> tags in r1091990
removed fn:escapeXml in r1091974
Will be adding additional validation for every action class' validation.xml and will be using regex to check if the user's input is not a possible XSS attack.
Will be revising the validation used in every action in Continuum to prevent invalid inputs like possible XSS attacks. I will just attach my patch after I'm done.
Initial fix for this was implemented in http://jira.codehaus.org/browse/REDBACK-275 (included in 1.2.7)
Latest community issue in Redback for this issue http://jira.codehaus.org/browse/REDBACK-276