oss-sec mailing list archives
CVE-2021-36737: Apache Portals: XSS in V3 Demo Portlet
From: Neil Griffin <asfgriff () apache org>
Date: Wed, 5 Jan 2022 18:30:38 -0500
Severity: low Description: The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact Mitigation: * Uninstall the v3-demo-portlet.war artifact -or- * Migrate to version 3.1.1 of the v3-demo-portlet.war artifact Credit: Thanks to Dhiraj Mishra for reporting.
Current thread:
- CVE-2021-36737: Apache Portals: XSS in V3 Demo Portlet Neil Griffin (Jan 05)