Cross-site Scripting in Apache Pluto
Moderate severity
GitHub Reviewed
Published
Jan 8, 2022
to the GitHub Advisory Database
•
Updated May 22, 2025
Package
Affected versions
< 3.1.1
Patched versions
3.1.1
Description
Published by the National Vulnerability Database
Jan 6, 2022
Reviewed
Jan 7, 2022
Published to the GitHub Advisory Database
Jan 8, 2022
Last updated
May 22, 2025
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.
References