Every CVE whose affected-product data names Apache Pluto, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2018-1306 — CVSS 7.5 (high): The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain…
CVE-2019-0186 — CVSS 6.1 (medium): The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks…
CVE-2021-36737 — CVSS 6.1 (medium): The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version…
CVE-2021-36738 — CVSS 6.1 (medium): The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks…
CVE-2021-36739 — CVSS 6.1 (medium): The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site…
CVE-2020-15250 — CVSS 4.4 (medium): In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix…