cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-32533,https://securityvulnerability.io/vulnerability/CVE-2022-32533,"Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues","Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option ""xss.filter.post = true"" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue",Apache,Apache Portals,9.8,CRITICAL,0.004259999841451645,false,,false,false,false,,,false,false,,2022-07-06T09:40:12.000Z,0
CVE-2021-36739,https://securityvulnerability.io/vulnerability/CVE-2021-36739,XSS vulnerability in the MVCBean JSP portlet maven archetype,"The ""first name"" and ""last name"" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks.",Apache,Apache Portals,6.1,MEDIUM,0.0019399999873712659,false,,false,false,false,,,false,false,,2022-01-06T08:50:16.000Z,0
CVE-2021-36738,https://securityvulnerability.io/vulnerability/CVE-2021-36738,XSS vulnerability in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet,The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact,Apache,Apache Portals,6.1,MEDIUM,0.0019399999873712659,false,,false,false,false,,,false,false,,2022-01-06T08:50:15.000Z,0
CVE-2021-36737,https://securityvulnerability.io/vulnerability/CVE-2021-36737,XSS in V3 Demo Portlet,The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact,Apache,Apache Portals,6.1,MEDIUM,0.002749999985098839,false,,false,false,false,,,false,false,,2022-01-06T08:50:13.000Z,0
CVE-2021-43410,https://securityvulnerability.io/vulnerability/CVE-2021-43410,airavata-django-portal allows CRLF log injection because of the lack of escaping in the log statements,"Apache Airavata Django Portal allows CRLF log injection because of lack of escaping log statements. In particular, some HTTP request parameters are logged without first being escaped. Versions affected: master branch before commit 3c5d8c7 [1] of airavata-django-portal [1] https://github.com/apache/airavata-django-portal/commit/3c5d8c72bfc3eb0af8693a655a5d60f9273f8170",Apache,Apache Airavata Django Portal,5.3,MEDIUM,0.0015899999998509884,false,,false,false,false,,,false,false,,2021-12-09T09:00:12.000Z,0