A cross-site scripting vulnerability exists in the Apache Pluto Applicant MVCBean CDI portlet, which stems from the Apache Pluto Applicant MVCBean CDI runtime environment. portlet is vulnerable to cross-site scripting (XSS) attacks in the input fields of the JSP version of the portlet. No details of the vulnerability are currently available.