319 matches found
Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-02486)
A cross-site scripting vulnerability exists in Apache Pluto UrlTestPortlet, the Apache Foundation's runtime environment for a set of Portlet containers, which stems from the fact that the input fields of Apache Pluto UrlTestPortlet are vulnerable to cross-site scripting XSS attack. No details of...
GHSA-3QP6-M7HP-JRWF Cross-site Scripting in Apache Pluto
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...
Cross-site Scripting in Apache Pluto
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...
GHSA-X588-G38J-F672 Cross-site Scripting in Apache Pluto
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...
Cross-site Scripting in Apache Pluto
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...
GHSA-JG6J-JRXV-2HH9 Cross-site Scripting in Apache Pluto
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...
Cross-site Scripting in Apache Pluto
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...
Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-02488)
Apache Pluto is a runtime environment for a set of Portlet containers from the Apache Foundation.Apache Pluto in version 3.1.0 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the first name and last name fields. An...
Cross-site Scripting (XSS)
org.apache.portals.pluto.demo:v3-demo-portlet is vulnerable to cross-site scripting XSS. The library does not properly escape the user input parameters in UrlTestPortlet, allowing a remote attacker to inject and execute malicious javascript...
CVE-2021-36737
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...
CVE-2021-36738
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...
CVE-2021-36737
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...
CVE-2021-36738
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...
CVE-2021-36739
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...
CVE-2021-36739
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...
Cross site scripting
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact...
Cross site scripting
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting XSS attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact...
Cross site scripting
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...
CVE-2021-36739
CVE-2021-36739 affects Apache Pluto 3.1.0 MVCBean JSP portlet Maven archetype. The firstName and lastName fields are vulnerable to Cross-Site Scripting (XSS) due to insufficient escaping/validation in user input, allowing injected JavaScript to be executed on the client. Multiple sources corrobor...
CVE-2021-36739 XSS vulnerability in the MVCBean JSP portlet maven archetype
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting XSS attacks...