Our application uses ICEfaces 1.8 and Seam 2.1.1 GA.
We subcontracted a company to run a security vulnerability check, and they came up with 5 problems connected with the ice.view parameter.
We don't have control over it and I was wondering if anyone has an idea of how to prevent cross-site scripting or vulnerable parameter problems connected to ice.view. We were able to reproduce it using Tamper Data. Here is an example from the report:
Vulnerable Parameter: ice.view
Original Value: 11
Attack Type: Unfiltered xml