Multiple cross-site scripting (XSS) flaws were found in the GateIn component, caused by improper escaping of single quotation marks in the URL. A remote attacker could provide a specially crafted URL that, when visited, would lead to arbitrary HTML or web script injection.
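The following added example (not GateIn code, and not taken from the advisory) shows why an escaper that skips the single quote is insufficient, next to a hardened version. It assumes the URL is reflected into a single-quoted HTML attribute, which the advisory does not state; the class name, method names and sample URLs are constructed for illustration.

```java
import java.util.List;

// Added illustration, not GateIn code. All names and inputs are constructed.
public class AttributeEscapeDemo {

    // Incomplete escaper: handles & < > " but leaves the single quote untouched.
    static String escapeWithoutSingleQuote(String s) {
        return s.replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("\"", "&quot;");
    }

    // Hardened escaper for HTML attribute values: also encodes the single quote.
    static String escapeForAttribute(String s) {
        return escapeWithoutSingleQuote(s).replace("'", "&#39;");
    }

    // Assumed output context: an href attribute delimited by single quotes.
    static String renderLink(String escapedUrl) {
        return "<a href='" + escapedUrl + "'>next</a>";
    }

    // A well-formed link from renderLink contains exactly two literal quotes
    // (the attribute delimiters); more means the value left the attribute.
    static long countQuotes(String html) {
        return html.chars().filter(c -> c == '\'').count();
    }

    public static void main(String[] args) {
        // Constructed request URLs: one ordinary, one containing single quotes.
        List<String> urls = List.of(
            "/app/home?page=2",
            "/app/home?page=2' data-injected='1");
        for (String url : urls) {
            String weak = renderLink(escapeWithoutSingleQuote(url));
            String hardened = renderLink(escapeForAttribute(url));
            System.out.println("input    : " + url);
            System.out.println("weak     : " + weak + "  quotes=" + countQuotes(weak));
            System.out.println("hardened : " + hardened + "  quotes=" + countQuotes(hardened));
        }
    }
}
```

With the second input, the weak escaper's output contains four literal quotes and an extra `data-injected` attribute on the element, while the hardened output keeps the whole URL inside `href`.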
This issue has been addressed in the following products:

  Red Hat JBoss Portal 6.1.0

Via RHSA-2013:1843 https://rhn.redhat.com/errata/RHSA-2013-1843.html