GHSA-jg6j-jrxv-2hh9, CVE-2021-36738
maven/org.apache.portals.pluto/pluto-portal
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact
All versions before 3.1.1
Upgrade to version 3.1.1 or above.
2022-01-11
source |