Description
The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.
Remediation
References
https://lists.apache.org/thread/m5j87nn1lmvzp8b9lmh7gqq68g5lnb7p
Related Vulnerabilities
CVE-2022-38179 Vulnerability in maven package io.ktor:ktor-utils
CVE-2023-30857 Vulnerability in npm package @aedart/support
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-dbcp-service
CVE-2022-42466 Vulnerability in maven package org.apache.isis.commons:isis-commons
CVE-2011-5057 Vulnerability in maven package org.apache.struts:struts2-core