Description
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.
Remediation
References
https://lists.apache.org/thread/m5j87nn1lmvzp8b9lmh7gqq68g5lnb7p
Related Vulnerabilities
CVE-2014-0109 Vulnerability in maven package org.apache.cxf:cxf-bundle
CVE-2023-29199 Vulnerability in npm package vm2
CVE-2022-0225 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2019-6588 Vulnerability in maven package com.liferay:com.liferay.captcha.taglib
CVE-2022-34777 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-plugin