Lucene search
ApacheCVELIST:CVE-2021-36738HistoryJan 06, 2022 - 8:50 a.m.
CVE-2021-36738 XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet
2022-01-0608:50:15
CWE-79
apache
www.cve.org
3
xss vulnerability
apache pluto
applicant mvcbean cdi portlet
update required
cve-2021-36738
EPSS
0.002
Percentile
57.2%
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact
CNA Affected
[
{
"product": "Apache Portals",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "org.apache.portals.pluto.demo:applicant-mvcbean-cdi-jsp-portlet 3.1.0"
}
]
}
]Related
nvd
nvd
CVE-2021-36738
2022-01-06 09:15:07
osv
osv
Cross-site Scripting in Apache Pluto
2022-01-08 00:46:17
prion
prion
Cross site scripting
2022-01-06 09:15:00
cnvd
cnvd
Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-04997)
2022-01-10 00:00:00
github
github
Cross-site Scripting in Apache Pluto
2022-01-08 00:46:17
veracode
veracode
Cross-site Scripting (XSS)
2022-01-07 03:41:30
cve
cve
CVE-2021-36738
2022-01-06 09:15:07