Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
http://www.securityfocus.com/bid/12775
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200314-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1