CVE-2021-29039

2021-05-1615:15:07

Google

osv.dev

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.1%

JSON

Cross-site scripting (XSS) vulnerability in the Asset module’s categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.

CPENameOperatorVersion
liferay-portaleq7.1.0-a2
liferay-portaleqsync-3.0.1-b2
liferay-portaleq7.2.0-b1
liferay-portaleq7.3.0-ga1
liferay-portaleq7.3.4-ga5
liferay-portaleqsync-3.0.3-b4
liferay-portaleq6.2.0-b1
liferay-portaleq7.0.0-m1
liferay-portaleqsync-3.0.4-b5
liferay-portaleq7.3.1-ga2

Name	Operator	Version
liferay-portal	eq	7.1.0-a2
liferay-portal	eq	sync-3.0.1-b2
liferay-portal	eq	7.2.0-b1
liferay-portal	eq	7.3.0-ga1
liferay-portal	eq	7.3.4-ga5
liferay-portal	eq	sync-3.0.3-b4
liferay-portal	eq	6.2.0-b1
liferay-portal	eq	7.0.0-m1
liferay-portal	eq	sync-3.0.4-b5
liferay-portal	eq	7.3.1-ga2