JBoss BRMS prior to 5.1.0 has a XSS vulnerability via asset=UUID parameter.
redhat jboss business rules management system