Apache Pluto Portal is vulnerable to cross-site scripting (XSS) attack. The input fields to construct a resource URL of the Chat Room are not sanitized properly, allowing an attacker to inject arbitrary script through it.
CPE | Name | Operator | Version |
---|---|---|---|
chatroomdemo | le | 3.0.1 |