CVE-2021-36738

Published: Jan 6, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact

Vendor	Product	Versions
Apache Software Foundation	Apache Portals	affected `org.apache.portals.pluto.demo:applicant-mvcbean-cdi-jsp-portlet 3.1.0`

Weaknesses (CWE)

CWE-79

References

https://lists.apache.org/thread/11j19v1gjsk7o6o8nch1xrydow9b8lll

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-36738

Description

Affected Products

Weaknesses (CWE)

References