53 matches found
EUVD-2022-5492
Malicious code in bioql PyPI...
CVE-2021-36739
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...
CVE-2021-36737
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...
CVE-2021-36738
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...
GHSA-W47G-4VRC-M3W2 Cross-site Scripting in Apache Pluto Chatroom demo
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting XSS attacks. Mitigation: Uninstall the ChatRoomDemo war file - or - migrate to version 3.1.0 of the chat-room-demo war file...
Exposure of Sensitive Information in Apache Pluto
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...
GHSA-V49X-8HVM-Q347 Exposure of Sensitive Information in Apache Pluto
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...
Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-04997)
A cross-site scripting vulnerability exists in the Apache Pluto Applicant MVCBean CDI portlet, which stems from the Apache Pluto Applicant MVCBean CDI runtime environment. portlet is vulnerable to cross-site scripting XSS attacks in the input fields of the JSP version of the portlet. No details o...
Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-02486)
A cross-site scripting vulnerability exists in Apache Pluto UrlTestPortlet, the Apache Foundation's runtime environment for a set of Portlet containers, which stems from the fact that the input fields of Apache Pluto UrlTestPortlet are vulnerable to cross-site scripting XSS attack. No details of...
Cross-site Scripting in Apache Pluto
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...
GHSA-3QP6-M7HP-JRWF Cross-site Scripting in Apache Pluto
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...
GHSA-X588-G38J-F672 Cross-site Scripting in Apache Pluto
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...
Cross-site Scripting in Apache Pluto
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...
Cross-site Scripting in Apache Pluto
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...
GHSA-JG6J-JRXV-2HH9 Cross-site Scripting in Apache Pluto
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...
Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-02488)
Apache Pluto is a runtime environment for a set of Portlet containers from the Apache Foundation.Apache Pluto in version 3.1.0 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the first name and last name fields. An...
CVE-2021-36738
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...
CVE-2021-36739
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...
CVE-2021-36737
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...
CVE-2021-36737
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...