CVE-2021-36738

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.apache.portals.pluto/pluto-container

Identifiers

CVE-2021-36738

Package Slug

maven/org.apache.portals.pluto/pluto-container

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet is vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to of the applicant-mvcbean-cdi-jsp-portlet.war artifact

Affected Versions

All versions before 3.1.1

Solution

Upgrade to version 3.1.1 or above.

Last Modified

2022-01-13

source