EPSS
Percentile
57.4%
applicant-mvcbean-cdi-jsp-portlet is vulnerable to cross-site scripting. The library does not properly escape the user input parameters in confirmation.jspx, allowing an attacker to inject and execute malicious javascript.
confirmation.jspx
github.com/advisories/GHSA-jg6j-jrxv-2hh9
github.com/apache/portals-pluto/commit/1b0002e65c41c77d3c4371c7f6ade338eb4ca592
lists.apache.org/thread/11j19v1gjsk7o6o8nch1xrydow9b8lll