CVE-2020-15250
CVE-2020-15250 is an information disclosure in JUnit4's TemporaryFolder on Unix-like environments where the system tmp dir is shared among users. Affected: JUnit4 versions before 4.13.1; fixed in 4.13.1 for Java 7+; Java 6 and earlier have no patch. Workarounds include running tests with a dedicated...
CVE-2019-0186
CVE-2019-0186 is a Cross-Site Scripting (XSS) issue in the Apache Pluto Chat Room Demo Portlet, versions 3.0.0 and 3.0.1. Attackers can inject HTML into the Name/Message fields, which is reflected in the page. Mitigation: uninstall the ChatRoomDemo WAR or upgrade to version 3.1.0. No exp...
CVE-2018-1306
Apache Pluto (Portals Pluto) 3.0.0, specifically the PortletV3AnnotatedDemo Multipart Portlet WAR, is affected. The root cause is failure to restrict path information during file uploads, leading to information disclosure of configuration data and other sensitive files. The CVE-2018-1306 entry in...
CVE-2021-36739
CVE-2021-36739 affects the Apache Pluto 3.1.0 MVCBean JSP portlet Maven archetype. The firstName and lastName fields are vulnerable to Cross-Site Scripting (XSS) due to insufficient escaping/validation of user input, allowing injected JavaScript to be executed on the client. Multiple sources corrobor...
CVE-2021-36737
CVE-2021-36737 affects Apache Pluto UrlTestPortlet within the v3-demo-portlet.war. The input fields are vulnerable to Cross-Site Scripting (XSS) due to insufficient input escaping in UrlTestPortlet, enabling injection of script code. The issue is documented across multiple feeds (NVD/Red Hat/CNVD...
CVE-2021-36738
The CVE-2021-36738 entry describes a Cross-Site Scripting (XSS) vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet. The issue arises in input fields and is mitigated by upgrading to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact. Affected produ...