mvcbean-jsp-portlet-archetype is vulnerable to cross-site scripting. The library does not properly escape the user input firstName
and lastName
parameters in greeting.jspx
, allowing an attacker to inject and execute malicious javascript.
CPE | Name | Operator | Version |
---|---|---|---|
mvcbean-jsp-portlet-archetype | eq | 3.1.0 | |
mvcbean-jsp-portlet-archetype | eq | 3.1.0 |