Spring Framework allow web applications to change the HTTP request method to any HTTP method using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user can use this filter to escalate to an XST attack.