You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@portals.apache.org by Neil Griffin <as...@apache.org> on 2022/01/05 23:32:51 UTC
CVE-2021-36738: XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet
Severity: moderate
Description:
The input fields in the JSP version of the Apache Pluto Applicant MVCBean
CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users
should migrate to version 3.1.1 of the
applicant-mvcbean-cdi-jsp-portlet.war artifact
Mitigation:
* Uninstall the applicant-mvcbean-cdi-jsp-portlet.war artifact
-or-
* Migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war
artifact