You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Neil Griffin <as...@apache.org> on 2022/01/05 23:23:52 UTC
CVE-2021-36737: Apache Portals: XSS in V3 Demo Portlet
Severity: low
Description:
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact
Mitigation:
* Uninstall the v3-demo-portlet.war artifact
-or-
* Migrate to version 3.1.1 of the v3-demo-portlet.war artifact
Credit:
Thanks to Dhiraj Mishra for reporting.