First published: Mon May 17 2021(Updated: )
Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_redirect_web_internal_portlet_RedirectPortlet_destinationURL parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | =7.3 | |
Liferay Liferay Portal | >=7.3.2<=7.3.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-29045 is a cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1.
CVE-2021-29045 allows remote attackers to inject arbitrary web script or HTML.
The severity of CVE-2021-29045 is medium with a CVSS score of 6.1 out of 10.
To mitigate CVE-2021-29045, you should apply the appropriate security patch provided by Liferay.
You can find more information about CVE-2021-29045 on the Liferay website and the Liferay Developer Portal.