<div class="width-20">
<div class="inputBlock clear">
<label>Select a month:
<form:select id="monthSelected" path="month"
items="${form.monthList}" itemLabel="label"
itemValue="value" />
</label>
</div>
</div>
I am getting this error:
taint_path_call: Form.getMonthList() returns the tainted data.All elements of the collection are considered tainted.This event occurs inside org.apache.jsp.WEB_002dINF.jsp.reports.reports_jsp._jspService(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse), for which no source code was found.
(#1 of 1): Cross-site scripting (XSS) 5. xss_injection_site: Adding ${form.monthList} to an HTML page allows cross-site scripting, because it was not properly sanitized for context HTML double quoted attribute.
monthList is a type of List<SelectOption>
