Pluto Security Vulnerabilities and Issues — Pluto CVE List

Lucene search

ApachePluto

4 matches found

CVE•added 2019/04/26 4:29 p.m.•93 views

CVE-2019-0186

The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file

6.1CVSS5.9AI score0.07952EPSS

CVE•added 2022/01/06 9:15 a.m.•52 views

CVE-2021-36739

The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.

6.1CVSS5.9AI score0.15929EPSS

CVE•added 2022/01/06 9:15 a.m.•49 views

CVE-2021-36737

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact

6.1CVSS5.9AI score0.15929EPSS

CVE•added 2022/01/06 9:15 a.m.•48 views

CVE-2021-36738

The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact

6.1CVSS5.9AI score0.15929EPSS