Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter.
References
Link | Resource |
---|---|
https://issues.liferay.com/browse/LPE-17211 | Patch Vendor Advisory |
http://liferay.com | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-06-09 12:15
Updated : 2021-06-15 18:08
NVD link : CVE-2021-29049
Mitre link : CVE-2021-29049
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
liferay
- dxp