You are viewing a plain text version of this content. The canonical link for it is here.

Posted to pluto-user@portals.apache.org by Neil Griffin <as...@apache.org> on 2022/01/05 23:32:51 UTC

CVE-2021-36738: XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet

Severity: moderate

Description:

The input fields in the JSP version of the Apache Pluto Applicant MVCBean
CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users
should migrate to version 3.1.1 of the
applicant-mvcbean-cdi-jsp-portlet.war artifact

Mitigation:

* Uninstall the applicant-mvcbean-cdi-jsp-portlet.war artifact
-or-
* Migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war
artifact