CVE-2021-36739

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/org.apache.portals.pluto/pluto-portal

Identifiers

GHSA-3qp6-m7hp-jrwf, CVE-2021-36739

Package Slug

maven/org.apache.portals.pluto/pluto-portal

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.

Affected Versions

All versions before 3.1.1

Solution

Upgrade to version 3.1.1 or above.

Last Modified

2022-01-11

source