Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-0186

Severity: 6.1 (MEDIUM)
EPSS: 5.8% (top 9.54%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline:
Published: Apr 26, 2019
Latest update: May 24, 2022

Description

The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks.

Mitigation:
* Uninstall the ChatRoomDemo war file, or
* migrate to version 3.1.0 of the chat-room-demo war file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

NVD: apache/pluto 3.0.0, 3.0.1 (+1)
CVEListV5: apache_software_foundation/apache_pluto 3.0.0, 3.0.1 (+1)

Vulnerability Details (3)

OSV: Cross-site Scripting in Apache Pluto Chatroom demo (2022-05-24)
GHSA: Cross-site Scripting in Apache Pluto Chatroom demo (2022-05-24)
CVEList: CVE-2019-0186: The input fields of the Apache Pluto "Chat Room" demo portlet 3 (2019-04-26)

Exploits & PoCs (1)

Exploit-DB: Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting (2019-04-26)

CVE-2019-0186 (MEDIUM, CVSS 6.1) | cvebase.io