apache tomcat xss vulnerabilities and exploits