Lucene search
China National Vulnerability DatabaseCNVD-2022-02488HistoryJan 08, 2022 - 12:00 a.m.
Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-02488)
2022-01-0800:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
apache pluto
cross-site scripting
version 3.1.0
data validation
javascript code
client side
EPSS
0.002
Percentile
57.4%
Apache Pluto is a runtime environment for a set of Portlet containers from the Apache Foundation.Apache Pluto in version 3.1.0 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the first name and last name fields. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
Related
cvelist
cvelist
CVE-2021-36739 XSS vulnerability in the MVCBean JSP portlet maven archetype
2022-01-06 08:50:16
github
github
Cross-site Scripting in Apache Pluto
2022-01-08 00:46:21
osv
osv
Cross-site Scripting in Apache Pluto
2022-01-08 00:46:21
prion
prion
Cross site scripting
2022-01-06 09:15:00
nvd
nvd
CVE-2021-36739
2022-01-06 09:15:07
cve
cve
CVE-2021-36739
2022-01-06 09:15:07
veracode
veracode
Cross-site Scripting (XSS)
2022-01-10 03:29:59