Vulnerabilities > Apache > Pluto
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-06 | CVE-2021-36737 | Cross-site Scripting vulnerability in Apache Pluto The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. | 6.1 |
| 2022-01-06 | CVE-2021-36738 | Cross-site Scripting vulnerability in Apache Pluto The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. | 6.1 |
| 2022-01-06 | CVE-2021-36739 | Cross-site Scripting vulnerability in Apache Pluto 3.1.0 The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks. | 6.1 |
| 2020-10-12 | CVE-2020-15250 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. | 5.5 |
| 2019-04-26 | CVE-2019-0186 | Cross-site Scripting vulnerability in Apache Pluto 3.0.0/3.0.1 The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. | 6.1 |
| 2018-06-27 | CVE-2018-1306 | Information Exposure vulnerability in Apache Pluto 3.0.0 The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. | 7.5 |