oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2021-36737: Apache Portals: XSS in V3 Demo Portlet

From: Neil Griffin <asfgriff () apache org>
Date: Wed, 5 Jan 2022 18:30:38 -0500
Severity: low

Description:

The input fields of the Apache Pluto UrlTestPortlet are vulnerable to
Cross-Site Scripting (XSS) attacks.  Users should migrate to version 3.1.1
of the v3-demo-portlet.war artifact

Mitigation:

* Uninstall the v3-demo-portlet.war artifact
   -or-
* Migrate to version 3.1.1 of the v3-demo-portlet.war artifact

Credit:

Thanks to Dhiraj Mishra for reporting.
Previous By Date Next
Previous By Thread Next

Current thread: