CVE-2021-36737
published 2022-01-06CVE-2021-36737: The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | pluto | < 3.1.1 | 3.1.1 |
| apache_software_foundation | apache_portals | — | — |
| apache_software_foundation | apache_portals | — | — |
| apache_software_foundation | apache_portals | — | — |