EPSS
Percentile
57.4%
org.apache.portals.pluto.demo:v3-demo-portlet is vulnerable to cross-site scripting (XSS). The library does not properly escape the user input parameters in UrlTestPortlet, allowing a remote attacker to inject and execute malicious javascript.
UrlTestPortlet
lists.apache.org/thread/x7kt47bf358x8sg9qg02zt0dmdrtow25