Description

Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.

Remediation

References

CVE-2021-29039

Related Vulnerabilities

Zope Web Application Server Other Vulnerability (CVE-2002-0687)

PHP version older than 5.2.1

WordPress Plugin TDO Mini Forms Arbitrary File Upload (0.13.9)

WordPress Plugin Google Maps Cross-Site Scripting (2.1.3)

MySQL CVE-2020-2923 Vulnerability (CVE-2020-2923)

Severity

Medium

Classification

CVE-2021-29039 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities