Cross-site Scripting (XSS)

Apache Pluto Portal is vulnerable to cross-site scripting XSS attack. The input fields to construct a resource URL of the Chat Room are not sanitized properly, allowing an attacker to inject arbitrary script through it...