An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter.