DEFAULT HTML ESCAPE INVALID

| Feature | Value |
| --- | --- |
| Type | Detection |
| Risk | OWASP A6 |
| Covered by | Agent |

Applications based on Spring tags do not escape HTML by default, but it is good practice to activate escaping in web.xml, as it reduces the likelihood of an XSS attack:

<context-param>
    <param-name>defaultHtmlEscape</param-name>
    <param-value>true</param-value>
</context-param>

How to solve it

Set the defaultHtmlEscape context parameter to true in web.xml to activate HTML escaping by default.
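
One way to check a deployment descriptor for this setting before release, as an added example that is not part of the original page or the agent's own detection logic. The function names and the sample descriptors are constructed for illustration, and the check assumes the servlet container trims whitespace around element text.

```python
import xml.etree.ElementTree as ET

PARAM = "defaultHtmlEscape"

def local_name(tag):
    """Drop an XML namespace prefix: '{ns}param-name' -> 'param-name'."""
    return tag.rsplit("}", 1)[-1]

def default_html_escape_status(web_xml_text):
    """Return 'enabled', 'disabled' or 'missing' for a web.xml document."""
    root = ET.fromstring(web_xml_text)
    for elem in root.iter():
        if local_name(elem.tag) != "context-param":
            continue
        # Assumption: the container trims whitespace around element text.
        fields = {local_name(c.tag): (c.text or "").strip() for c in elem}
        if fields.get("param-name") == PARAM:
            # Anything other than "true" leaves escaping off.
            value = fields.get("param-value", "")
            return "enabled" if value.lower() == "true" else "disabled"
    return "missing"

# Constructed sample descriptors (not taken from a real application).
NS = 'xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1"'
SAMPLE_ENABLED = f"""<web-app {NS}>
  <context-param>
    <param-name>defaultHtmlEscape</param-name>
    <param-value>true</param-value>
  </context-param>
</web-app>"""
SAMPLE_DISABLED = SAMPLE_ENABLED.replace(">true<", ">false<")
SAMPLE_MISSING = f"""<web-app {NS}>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/app.xml</param-value>
  </context-param>
</web-app>"""

if __name__ == "__main__":
    for name, doc in [("enabled", SAMPLE_ENABLED), ("disabled", SAMPLE_DISABLED),
                      ("missing", SAMPLE_MISSING)]:
        print(name, "->", default_html_escape_status(doc))
```

Both "disabled" and "missing" correspond to the finding this rule reports, since escaping stays off unless the parameter is explicitly true.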