A cross-site scripting vulnerability exists in Apache Pluto UrlTestPortlet, the Apache Foundation’s runtime environment for a set of Portlet containers, which stems from the fact that the input fields of Apache Pluto UrlTestPortlet are vulnerable to cross-site scripting (XSS) attack. No details of the vulnerability are available at this time.