PT-2022-10542 · Apache · Apache Pluto

Neil Griffin · Published 2022-01-06 · Updated 2022-01-12 · CVE-2021-36739

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Apache Pluto version 3.1.0
Description: The issue is a Cross-Site Scripting (XSS) vulnerability. XSS occurs when an attacker injects malicious code into a website so that it runs in other users' browsers, allowing the attacker to steal user data or take over the user's session. In this case, the first name and last name fields of the Apache Pluto MVCBean JSP portlet Maven archetype are vulnerable to such attacks.
Recommendations: For Apache Pluto version 3.1.0, validate and sanitize user input for the first name and last name fields to prevent XSS. As a temporary workaround, restrict input for these fields to the expected characters and formats until a patch is available.
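The two measures above, shown side by side as an added example that is not Apache Pluto's or the archetype's own code: an allow-list check on the raw field value (the interim workaround) and HTML output encoding of the value at render time (the durable fix, which is what JSTL's `<c:out>` does in a JSP view). The class name, the regex and the sample names are assumptions constructed for the illustration.

```java
// Added example, not Apache Pluto's or the archetype's own code. Assumed: the
// JSP view writes the bean's firstName/lastName into HTML text. Output encoding
// at render time is the fix; the allow-list check is the interim workaround.
import java.util.regex.Pattern;
public final class NameFieldGuard {
    // Constructed allow-list: letters of any script, hyphen, apostrophe, space; 1 to 64 chars.
    private static final Pattern NAME = Pattern.compile("^[-\\p{L}' ]{1,64}$");

    /** Interim workaround: reject input outside the expected name alphabet. */
    static boolean isPlausibleName(String s) {
        return s != null && NAME.matcher(s).matches();
    }

    /** Encode the characters that can break out of an HTML text or attribute context. */
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Vulnerable shape: the same as writing ${firstName} straight into the JSP. */
    static String renderUnsafe(String first, String last) {
        return "<p>Hello " + first + " " + last + "!</p>";
    }

    /** Hardened shape: the same as <c:out value="${firstName}"/> (JSTL) in the JSP. */
    static String renderSafe(String first, String last) {
        return "<p>Hello " + escapeHtml(first) + " " + escapeHtml(last) + "!</p>";
    }

    public static void main(String[] args) {
        String first = "Alice";                 // constructed sample input
        String last = "O'Brien <b>bold</b>";    // constructed: markup inside a name field
        System.out.println(isPlausibleName(last));     // allow-list check on the raw value
        System.out.println(renderUnsafe(first, last)); // markup passes through to the browser
        System.out.println(renderSafe(first, last));   // markup is encoded as literal text
    }
}
```

Validation alone is not a substitute for encoding: legitimate names contain apostrophes, so the output side must still encode every value it writes into HTML.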

Tags: Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2021-36739
GHSA-3QP6-M7HP-JRWF

Affected Products

Apache Pluto