Cross-Site Scripting Vulnerability in Apache Pluto Chat Room Demo Portlet
CVE-2019-0186

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Pluto
Vendor: CVE Published:; 26 April 2019

What is CVE-2019-0186?

The Apache Pluto Chat Room demo portlet versions 3.0.0 and 3.0.1 suffer from Cross-Site Scripting (XSS) vulnerabilities due to unsanitized input fields. Attackers can exploit these vulnerabilities by injecting malicious scripts, which might compromise user data and session integrity. It is recommended to either uninstall the affected ChatRoomDemo war file or to upgrade to version 3.1.0 to mitigate this security risk.