There are two such Sun Alerts for XSS, one is for Search and the other is for Advanced Search.
You can see Search like below:
and Advanced Search as follows:
You can see the Sun Alerts at
The best is to upgrade to the latest SPs as listed in above Sun Alerts.
In case you cannot upgrade right now, and need to do the workarounds for now (then upgrade later), then please remember to do workarounds for BOTH Sun Alerts, e.g.
To work around the described issue, edit the default search web
application file named "index.jsp" which is
"<WS-install>/lib/webapps/search/index.jsp" to remove the
line containing the text
and for Advanced Search,
The following file can be edited to workaround this issue:
by removing the following lines:
<input type=hidden name="next"
I saw some only do one, but not the other. So, try to write this here , so you know you need to do BOTH Sun Alerts.