logo

Database

Server side cross-site scripting In com.liferay.portal:release.dxp.bom

Description

Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_admin_web_portlet_SiteAdminPortlet_name parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2021-333392. NVD-2021-333393. OSV-2021-333394. GCVE-2021-33339

References

1. https://issues.liferay.com/browse/LPE-171022. https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747934

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.