CVE-2022-42466: Apache Isis: XSS vulnerability, eg for String properties.

[Dan Haywood <danhaywood () apache org>]

Severity: important

Description:

Prior to 2.0.0-M9, it was possible for an end-user to set the value of
an editable string property of a domain object to a value that would
be rendered unchanged when the value was saved.  In particular, the
end-user could enter javascript or similar and this would be executed.

As of this release, the inputted strings are properly escaped when rendered.

Credit:

Apache Isis would like to thank Qing Xu for reporting this issue