Maven package
org.apache.portals.pluto/pluto-portal
pkg:maven/org.apache.portals.pluto/pluto-portal
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-36739 | — | < 3.1.1 | 3.1.1 | Jan 6, 2022 | The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks. | ||
| CVE-2021-36738 | — | < 3.1.1 | 3.1.1 | Jan 6, 2022 | The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact | ||
| CVE-2021-36737 | — | < 3.1.1 | 3.1.1 | Jan 6, 2022 | The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact |
- CVE-2021-36739Jan 6, 2022affected < 3.1.1fixed 3.1.1
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.
- CVE-2021-36738Jan 6, 2022affected < 3.1.1fixed 3.1.1
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact
- CVE-2021-36737Jan 6, 2022affected < 3.1.1fixed 3.1.1
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact