Description
The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact
Remediation
References
https://lists.apache.org/thread/x7kt47bf358x8sg9qg02zt0dmdrtow25
Related Vulnerabilities
CVE-2023-31066 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2022-4147 Vulnerability in maven package io.quarkus:quarkus-vertx-http-deployment
CVE-2019-10344 Vulnerability in maven package io.jenkins:configuration-as-code
CVE-2019-0188 Vulnerability in maven package org.apache.camel:camel-xmljson
CVE-2019-1003058 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher