CVE-2021-36738

CVE-2021-36738: XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet

Vendor Apache Software Foundation

Product Apache Portals

Weakness CWE-79 · XSS

Published January 6, 2022

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact

Key dates

Disclosure timeline

January 6, 2022 CVE published

August 4, 2024 Record updated