CVE-2021-36738
published 2022-01-06CVE-2021-36738: The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | pluto | < 3.1.1 | 3.1.1 |
| apache_software_foundation | apache_portals | — | — |