EPSS
Percentile
93.6%
Apache Pluto Portal is vulnerable to cross-site scripting (XSS) attack. The input fields to construct a resource URL of the Chat Room are not sanitized properly, allowing an attacker to inject arbitrary script through it.
issues.apache.org/jira/browse/PLUTO-752
portals.apache.org/pluto/security.html
www.exploit-db.com/exploits/46759