You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Neil Griffin <as...@apache.org> on 2022/01/05 23:23:52 UTC

CVE-2021-36737: Apache Portals: XSS in V3 Demo Portlet

Severity: low

Description:

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks.  Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact

Mitigation:

* Uninstall the v3-demo-portlet.war artifact
   -or-
* Migrate to version 3.1.1 of the v3-demo-portlet.war artifact

Credit:

Thanks to Dhiraj Mishra for reporting.