applicant-mvcbean-cdi-jsp-portlet is vulnerable to cross-site scripting. The library does not properly escape the user input parameters in confirmation.jspx
, allowing an attacker to inject and execute malicious javascript.
CPE | Name | Operator | Version |
---|---|---|---|
applicant-mvcbean-cdi-jsp-portlet | eq | 3.1.0 | |
applicant-mvcbean-cdi-jsp-portlet | eq | 3.1.0 |