CVE-2021-36737

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact
References
Link Resource
https://lists.apache.org/thread/x7kt47bf358x8sg9qg02zt0dmdrtow25 Mailing List Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:pluto:*:*:*:*:*:*:*:*

Information

Published : 2022-01-06 01:15

Updated : 2022-01-12 12:24


NVD link : CVE-2021-36737

Mitre link : CVE-2021-36737


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

apache

  • pluto