org.apache.portals.pluto.demo:v3-demo-portlet is vulnerable to cross-site scripting (XSS). The library does not properly escape the user input parameters in UrlTestPortlet
, allowing a remote attacker to inject and execute malicious javascript.
CPE | Name | Operator | Version |
---|---|---|---|
v3-demo-portlet | eq | 3.1.0 | |
v3-demo-portlet | eq | 3.1.0 |