The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact
[
{
"product": "Apache Portals",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "org.apache.portals.pluto:PortletV3Demo 3.0.0"
},
{
"status": "affected",
"version": "org.apache.portals.pluto:PortletV3Demo 3.0.1"
},
{
"status": "affected",
"version": "org.apache.portals.pluto.demo:v3-demo-portlet 3.1.0"
}
]
}
]