CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-29048

Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.0%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://liferay.com
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601
http://liferay.com
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601

Products affected by CVE-2021-29048

Liferay » Dxp » Version: 7.2

cpe:2.3:a:liferay:dxp:7.2
Liferay » Dxp » Version: 7.3

cpe:2.3:a:liferay:dxp:7.3
Liferay » Liferay Portal » Version: 7.3.4

cpe:2.3:a:liferay:liferay_portal:7.3.4
Liferay » Liferay Portal » Version: 7.3.5

cpe:2.3:a:liferay:liferay_portal:7.3.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-29048

Products

Pricing

Contact Us