A cross-scripting vulnerability exists in multiple versions of the Plumtree corporate portal. A malicious user could use JavaScript embedded in a Web page to exploit the flaw and cause the server to expose sensitive information. A patch is available from the Plumtree support site:http://www.plumtree.com/company/technical_support.htm