The addDefaultVuln function in assessments.java requires both Name and Severity as user input values but does not sanitize these fields before writing them to the assessment vulnerability table. Details is also user-defined; however, a decodeAndSanitize function provides some protection before the value is written.
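One way to validate the two unsanitized fields before they are persisted, shown as an added example and not the project's own code. The class name, method names, severity range (0 to 9) and name length limit are assumptions made for illustration.

```java
import java.util.Optional;
// Added illustration: class, methods and limits are hypothetical, not the project's code.
public class DefaultVulnInput {
    static final int MIN_SEVERITY = 0, MAX_SEVERITY = 9; // assumed range
    static final int MAX_NAME_LENGTH = 255;              // assumed limit

    // Severity: accept only a short ASCII-digit string that falls inside the range.
    static Optional<Integer> parseSeverity(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,2}")) return Optional.empty();
        int value = Integer.parseInt(raw);
        return value >= MIN_SEVERITY && value <= MAX_SEVERITY ? Optional.of(value) : Optional.empty();
    }

    // Name: trim, bound the length, drop control characters, HTML-encode markup characters.
    static Optional<String> cleanName(String raw) {
        if (raw == null) return Optional.empty();
        String trimmed = raw.trim();
        if (trimmed.length() > MAX_NAME_LENGTH) return Optional.empty();
        StringBuilder out = new StringBuilder();
        for (char c : trimmed.toCharArray()) {
            if (Character.isISOControl(c)) continue;
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        // A name that is empty after cleaning is rejected rather than stored.
        return out.length() == 0 ? Optional.empty() : Optional.of(out.toString());
    }

    public static void main(String[] args) {
        // Constructed sample requests: {name, severity}
        String[][] samples = {
            {"Weak TLS configuration", "3"},
            {"<b>bold</b> title", "2"},
            {"Valid name", "high"},
            {"Valid name", "42"},
            {"   ", "1"},
        };
        for (String[] s : samples) {
            Optional<String> name = cleanName(s[0]);
            Optional<Integer> sev = parseSeverity(s[1]);
            boolean ok = name.isPresent() && sev.isPresent();
            System.out.println(ok ? "store: " + name.get() + " / " + sev.get() : "reject");
        }
    }
}
```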