Lucene search
Veracode Vulnerability DatabaseVERACODE:34553HistoryMar 07, 2022 - 10:18 a.m.
Cross-site Scripting (XSS)
2022-03-0710:18:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
0.001 Low
EPSS
Percentile
44.9%
Liferay Frontend Taglib Clay is vulnerable to cross-site scripting. The vulnerability exists in the processStartTag function of ManagementToolbarTag.java because the keyword parameter of the search function is not properly escaped, which allows an attacker to inject and execute arbitrary web scripts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| com.liferay.frontend.taglib.clay | le | 7.1.14 | |
| com.liferay.frontend.taglib.clay | le | 7.1.14 |
References
liferay.com
github.com/advisories/GHSA-9536-m86r-q297
github.com/liferay/liferay-portal/commit/f5df5cbfdc8254b2388fa445e62ec1efebe3547f
issues.liferay.com/browse/LPS-134654
portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-38264-reflected-xss-with-keywords-in-search
Related
cve
cve
CVE-2021-38264
2022-03-03 00:15:07
osv
osv
CVE-2021-38264
2022-03-03 00:15:07
cvelist
cvelist
CVE-2021-38264
2022-03-02 23:06:32
prion
prion
Cross site scripting
2022-03-03 00:15:00
nvd
nvd
CVE-2021-38264
2022-03-03 00:15:07