Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the (1) _com_liferay_journal_web_portlet_JournalPortlet_name or (2) _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter.
References
Link | Resource |
---|---|
https://issues.liferay.com/browse/LPE-17100 | Patch Vendor Advisory |
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747972 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-08-03 12:15
Updated : 2021-08-11 07:31
NVD link : CVE-2021-33328
Mitre link : CVE-2021-33328
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
liferay
- liferay_portal
- dxp