oss-sec mailing list archives
CVE-2021-36738: XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet
From: Neil Griffin <asfgriff () apache org>
Date: Wed, 5 Jan 2022 18:32:51 -0500
Severity: moderate

Description:

The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact.

Mitigation:

* Uninstall the applicant-mvcbean-cdi-jsp-portlet.war artifact
-or-
* Migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact