CVE-2019-0186
published 2019-04-26CVE-2019-0186: The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EXPLOIT
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | pluto | — | — |
| apache | pluto | — | — |
| apache_software_foundation | apache_pluto | — | — |
| apache_software_foundation | apache_pluto | — | — |