Date: Thu, 25 Apr 2019 14:24:44 -0400 From: Neil Griffin <asfgriff@...che.org> To: oss-security@...ts.openwall.com Subject: [CVE-2019-0186] The input fields of the Chat Room demo are vulnerable to Cross-Site Scripting (XSS) attacks The input fields of the Apache Pluto "Chat Room" demo portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Versions Affected: 3.0.0, 3.0.1 Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file For more information about Apache Pluto security updates, visit: https://portals.apache.org/pluto/security.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.