EPSS
Percentile
57.4%
mvcbean-jsp-portlet-archetype is vulnerable to cross-site scripting. The library does not properly escape the user input firstName and lastName parameters in greeting.jspx, allowing an attacker to inject and execute malicious javascript.
firstName
lastName
greeting.jspx
github.com/advisories/GHSA-3qp6-m7hp-jrwf
github.com/apache/portals-pluto/commit/660ad4301daf37e729c003fecf5bc4328db68796
lists.apache.org/thread/m5j87nn1lmvzp8b9lmh7gqq68g5lnb7p