Input validation has to occur on the application to defend against cross-site scripting attacks which would allow foreign scripts to execute on user session in the logged in browser's context. This can be leveraged by attackers to steal session information and sensitive data.
Set the system property "glide.ui.escape_text" to true.
Time to fix
This rule is linked to Common Weakness Enumeration CWE-150 Improper Neutralization of Escape.