From e141828a4eb03e4b0224535eed12b5c463a24152 Mon Sep 17 00:00:00 2001
From: Jackson Henry <54763344+JHHAX@users.noreply.github.com>
Date: Thu, 8 Oct 2020 14:18:25 +1100
Subject: [PATCH] Fixed Reflected XSS Vuln

Velocity Tools has an automatically generated error page, which echoes back the file name unescaped. This commit sanitizes user input and fixes the XSS Vulnerability!

Updated XSS Vuln fix (used StringEscapeUtils)
---
 .../org/apache/velocity/tools/view/VelocityViewServlet.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/apache/velocity/tools/view/VelocityViewServlet.java b/src/main/java/org/apache/velocity/tools/view/VelocityViewServlet.java
index aff9b71d7..325ab0bba 100644
--- a/src/main/java/org/apache/velocity/tools/view/VelocityViewServlet.java
+++ b/src/main/java/org/apache/velocity/tools/view/VelocityViewServlet.java
@@ -460,7 +460,7 @@ protected void error(HttpServletRequest request,
             html.append("<head><title>Error</title></head>\n");
             html.append("<body>\n");
             html.append("<h2>VelocityView : Error processing a template for path '");
-            html.append(path);
+            html.append(StringEscapeUtils.escapeHtml(path));
             html.append("'</h2>\n");
 
             Throwable cause = e;