lang:

JSP

regex:

\<\%=\s*request\.get(?!(Parameter|QueryString)).*\(

description:

Possible Cross Site Scripting via request object in JSP
tags:
xss
results