We found a few vulnerabilities. If you append this:
http://yourdomainname.com:8080//search/suggestOpenSearch?q=%27"%28%29%26%251<ScRiPt%20>prompt%28'VULN'%29<%2fScRiPt>
it is vulnerable to cross-site scripting.
This vulnerability affects /search/suggestOpenSearch on parameter ?q=
HTTP Parameter Pollution on builds /loginError
HPP attacks consist of injecting encoded query string delimiters into other existing parameters. If the web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks.
Attack details
This vulnerability affects /j_acegi_security_check.
URL-encoded POST input "from" was set to &n990198=v931935
Parameter precedence: last occurrence
Affected link: login?from=&n990198=v931935
Affected parameter: from=
The impact depends on the affected web application. An attacker could:
Override existing hardcoded HTTP parameters
Modify the application's behavior
Access and, potentially, exploit uncontrollable variables
Bypass input validation checkpoints and WAF rules
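As an added illustration (not part of the original report), the snippet below models the parameter-pollution mechanism described above: the encoded delimiter in "from" is one harmless value on the first parse, but if the application pastes the decoded value into a new URL and parses it again, the "last occurrence wins" precedence the scanner observed turns it into extra parameters. The re-parse step is a hypothetical model of the vulnerable pattern; the duplicate-name check and re-encoding are the defensive counterparts.

```python
from urllib.parse import parse_qs, urlencode

# Constructed sample: the affected link from the report, with the delimiter
# still URL-encoded inside the value of "from" (one parameter, one value).
RAW_QUERY = "from=%26n990198%3Dv931935"


def parse_query(query: str) -> dict[str, list[str]]:
    """Decode a query string into name -> list of values (duplicates preserved)."""
    return parse_qs(query, keep_blank_values=True)


def resolve_last(query: str) -> dict[str, str]:
    """Flatten with 'last occurrence wins' precedence, as observed in the report."""
    return {name: values[-1] for name, values in parse_query(query).items()}


def polluted_names(query: str) -> list[str]:
    """Names that occur more than once: the signal an input filter or WAF rule
    should reject instead of silently picking one value."""
    return sorted(name for name, values in parse_query(query).items() if len(values) > 1)


def reparse_decoded_value(query: str, name: str) -> dict[str, str]:
    """Hypothetical model of the vulnerable pattern: the decoded value of `name`
    (e.g. a redirect target) is concatenated into a new query string without
    re-encoding and parsed again, so an encoded '&' or '=' inside the value
    becomes additional parameters."""
    value = resolve_last(query).get(name, "")
    second_stage = f"{name}={value}"  # raw concatenation, no re-encoding
    return resolve_last(second_stage)


def safe_embed(query: str, name: str) -> str:
    """Mitigation: re-encode the value when embedding it, so delimiters stay literal."""
    value = resolve_last(query).get(name, "")
    return urlencode({name: value})
```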