Description
The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact
Remediation
References
https://lists.apache.org/thread/11j19v1gjsk7o6o8nch1xrydow9b8lll
Related Vulnerabilities
CVE-2022-34213 Vulnerability in maven package org.jenkins-ci.plugins:squashtm-publisher
CVE-2022-26336 Vulnerability in maven package org.apache.poi:poi-scratchpad
CVE-2015-0250 Vulnerability in maven package batik:batik-dom
CVE-2023-34149 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2014-0193 Vulnerability in maven package io.netty:netty-codec-http