DWR has a reported XSS security hole in it

CONF-11808 outlines the problem.

We need to look into getting DWR versions updated in JIRA