PT-2022-10541 · Apache · Apache Pluto

Neil Griffin

Published

2022-01-06

Updated

2022-01-12

CVE-2021-36738

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Apache Pluto Applicant MVCBean CDI portlet versions prior to 3.1.1

Description The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks.

Recommendations For versions prior to 3.1.1, migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-36738

GHSA-JG6J-JRXV-2HH9

Affected Products

Apache Pluto

PT-2022-10541 · Apache · Apache Pluto

CVE-2021-36738

Weakness Enumeration

Related Identifiers

Affected Products

References · 8