CVE-2021-36739
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.apache.portals.pluto/pluto-container
Identifiers
CVE-2021-36739
Package Slug
maven/org.apache.portals.pluto/pluto-container
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
The "first name" and "last name" fields of the Apache Pluto MVCBean JSP portlet maven archetype is vulnerable to Cross-Site Scripting (XSS) attacks.
Affected Versions
Version 3.1.0
Solution
Upgrade to version 3.1.1 or above.
Last Modified
2022-01-13
| source |