CVE-2021-29048
Published May 17, 2021
Last updated 3 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name parameter.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8CAAE1B7-982E-4D50-9651-DEEE6CD74EED"
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFCF99EC-3384-418D-A419-B9DB607BE371"
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7CAAF53-AA8E-48CB-9398-35461BE590C4"
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31E05134-A0C5-4937-A228-7D0884276B67"
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F06C4AD-FD20-4345-8386-0895312F0A00"
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98CC25E2-EC3D-43A2-8D03-06F0E804EA63"
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30933C36-C710-488F-9601-EE1BB749C58A"
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "41E94372-A1AE-48B1-82DC-08B7B616473F"
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51FBC8E0-34F8-475C-A1A8-571791CA05F9"
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E73EAEA-FA88-46B9-B9D5-A41603957AD7"
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF9BC654-4E3F-4B40-A6E5-79A818A51BED"
},
{
"criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B"
},
{
"criteria": "cpe:2.3:a:liferay:liferay_portal:7.3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C673509-5436-44DF-AFCE-BE5C3188D62F"
},
{
"criteria": "cpe:2.3:a:liferay:liferay_portal:7.3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B842A08-1EDB-4232-89C9-9B966E251B3B"
}
],
"operator": "OR"
}
]
}
]