Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The "first name" and "last name" fields of the Apache Pluto MVCBean JSP portlet maven archetype is vulnerable to Cross-Site Scripting (XSS) attacks.
Advisories for Maven/Org.apache.portals.pluto/Pluto-Container package
2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The input fields of the Apache Pluto UrlTestPortlet is vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to of the v3-demo-portlet.war artifact
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet is vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to of the applicant-mvcbean-cdi-jsp-portlet.war artifact
2019
Cross-site Scripting
The input fields of the Apache Pluto "Chat Room" demo portlet is vulnerable to Cross-Site Scripting (XSS) attacks.
2018
Information Exposure
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto allows a remote attacker to obtain sensitive information.