Date: Wed, 5 Jan 2022 18:30:38 -0500
From: Neil Griffin <>
Subject: CVE-2021-36737: Apache Portals: XSS in V3 Demo Portlet

Severity: low


The input fields of the Apache Pluto UrlTestPortlet are vulnerable to
Cross-Site Scripting (XSS) attacks.  Users should migrate to version 3.1.1
of the v3-demo-portlet.war artifact.


* Uninstall the v3-demo-portlet.war artifact
* Migrate to version 3.1.1 of the v3-demo-portlet.war artifact


Thanks to Dhiraj Mishra for reporting.
