XSS: Servlet reflected cross site scripting vulnerability (XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER)

This code directly writes an HTTP parameter to Servlet output, which allows for a reflected cross site scripting vulnerability. See http://en.wikipedia.org/wiki/Cross-site_scripting for more information.

FindBugs looks only for the most blatant, obvious cases of cross site scripting. If FindBugs found any, you almost certainly have more cross site scripting vulnerabilities that FindBugs doesn't report. If you are concerned about cross site scripting, you should seriously consider using a commercial static analysis or pen-testing tool, such as those provided by Fortify Software, a sponsor of the FindBugs project. If your software is open source, Fortify will scan your code for free as part of the JOR (Java Open Review) effort.