CVE-2019-0186

Published: Apr 26, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file

Vendor	Product	Versions
Apache Software Foundation	Apache Pluto	affected `3.0.0` affected `3.0.1`

References

https://portals.apache.org/pluto/security.html

x_refsource_MISC

[CVE-2019-0186] The input fields of the Chat Room demo are vulnerable to Cross-Site Scripting (XSS) attacks

mailing-list

x_refsource_MLIST

[CVE-2019-0186] The input fields of the Chat Room demo are vulnerable to Cross-Site Scripting (XSS) attacks

mailing-list

x_refsource_MLIST

[CVE-2019-0186] The input fields of the Chat Room demo are vulnerable to Cross-Site Scripting (XSS) attacks

mailing-list

x_refsource_MLIST

46759

exploit

x_refsource_EXPLOIT-DB

http://packetstormsecurity.com/files/152642/Apache-Pluto-3.0.0-3.0.1-Cross-Site-Scripting.html

x_refsource_MISC

108091

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-0186

Description

Affected Products

References