CVE-2021-36737

🗓️ 06 Jan 2022 08:50:13Reported by apacheType

Apache Pluto UrlTestPortlet XSS vulnerability fix in v3-demo-portlet.war v3.1.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-36737	6 Jan 202212:40	–	circl
CNNVD	Apache Pluto 跨站脚本漏洞	6 Jan 202200:00	–	cnnvd
CNVD	Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-02486)	10 Jan 202200:00	–	cnvd
Cvelist	CVE-2021-36737 XSS in V3 Demo Portlet	6 Jan 202208:50	–	cvelist
Github Security Blog	Cross-site Scripting in Apache Pluto	8 Jan 202200:46	–	github
NVD	CVE-2021-36737	6 Jan 202209:15	–	nvd
OSV	CVE-2021-36737	6 Jan 202209:15	–	osv
OSV	GHSA-X588-G38J-F672 Cross-site Scripting in Apache Pluto	8 Jan 202200:46	–	osv
Prion	Cross site scripting	6 Jan 202209:15	–	prion
RedhatCVE	CVE-2021-36737	22 May 202519:59	–	redhatcve

NVD

Vulners

Node

apache plutoRange<3.1.1

[
  {
    "product": "Apache Portals",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "org.apache.portals.pluto:PortletV3Demo 3.0.0"
      },
      {
        "status": "affected",
        "version": "org.apache.portals.pluto:PortletV3Demo 3.0.1"
      },
      {
        "status": "affected",
        "version": "org.apache.portals.pluto.demo:v3-demo-portlet 3.1.0"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/x7kt47bf358x8sg9qg02zt0dmdrtow25

21 Nov 2024 06:13Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24.3

CVSS 3.16.1

EPSS0.0601

CWE-79