First published: Wed Jun 09 2021(Updated: )
Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | =7.0 | |
Liferay DXP | =7.0-fix_pack_13 | |
Liferay DXP | =7.0-fix_pack_14 | |
Liferay DXP | =7.0-fix_pack_24 | |
Liferay DXP | =7.0-fix_pack_25 | |
Liferay DXP | =7.0-fix_pack_26 | |
Liferay DXP | =7.0-fix_pack_27 | |
Liferay DXP | =7.0-fix_pack_28 | |
Liferay DXP | =7.0-fix_pack_3\+ | |
Liferay DXP | =7.0-fix_pack_30 | |
Liferay DXP | =7.0-fix_pack_33 | |
Liferay DXP | =7.0-fix_pack_35 | |
Liferay DXP | =7.0-fix_pack_36 | |
Liferay DXP | =7.0-fix_pack_39 | |
Liferay DXP | =7.0-fix_pack_40 | |
Liferay DXP | =7.0-fix_pack_41 | |
Liferay DXP | =7.0-fix_pack_42 | |
Liferay DXP | =7.0-fix_pack_43 | |
Liferay DXP | =7.0-fix_pack_44 | |
Liferay DXP | =7.0-fix_pack_45 | |
Liferay DXP | =7.0-fix_pack_46 | |
Liferay DXP | =7.0-fix_pack_47 | |
Liferay DXP | =7.0-fix_pack_48 | |
Liferay DXP | =7.0-fix_pack_49 | |
Liferay DXP | =7.0-fix_pack_50 | |
Liferay DXP | =7.0-fix_pack_51 | |
Liferay DXP | =7.0-fix_pack_52 | |
Liferay DXP | =7.0-fix_pack_53 | |
Liferay DXP | =7.0-fix_pack_54 | |
Liferay DXP | =7.0-fix_pack_56 | |
Liferay DXP | =7.0-fix_pack_57 | |
Liferay DXP | =7.0-fix_pack_58 | |
Liferay DXP | =7.0-fix_pack_59 | |
Liferay DXP | =7.0-fix_pack_60 | |
Liferay DXP | =7.0-fix_pack_61 | |
Liferay DXP | =7.0-fix_pack_64 | |
Liferay DXP | =7.0-fix_pack_65 | |
Liferay DXP | =7.0-fix_pack_66 | |
Liferay DXP | =7.0-fix_pack_67 | |
Liferay DXP | =7.0-fix_pack_68 | |
Liferay DXP | =7.0-fix_pack_69 | |
Liferay DXP | =7.0-fix_pack_70 | |
Liferay DXP | =7.0-fix_pack_71 | |
Liferay DXP | =7.0-fix_pack_72 | |
Liferay DXP | =7.0-fix_pack_73 | |
Liferay DXP | =7.0-fix_pack_75 | |
Liferay DXP | =7.0-fix_pack_76 | |
Liferay DXP | =7.0-fix_pack_78 | |
Liferay DXP | =7.0-fix_pack_79 | |
Liferay DXP | =7.0-fix_pack_80 | |
Liferay DXP | =7.0-fix_pack_81 | |
Liferay DXP | =7.0-fix_pack_82 | |
Liferay DXP | =7.0-fix_pack_83 | |
Liferay DXP | =7.0-fix_pack_84 | |
Liferay DXP | =7.0-fix_pack_85 | |
Liferay DXP | =7.0-fix_pack_86 | |
Liferay DXP | =7.0-fix_pack_87 | |
Liferay DXP | =7.0-fix_pack_88 | |
Liferay DXP | =7.0-fix_pack_89 | |
Liferay DXP | =7.0-fix_pack_90 | |
Liferay DXP | =7.0-fix_pack_91 | |
Liferay DXP | =7.0-fix_pack_92 | |
Liferay DXP | =7.0-fix_pack_93 | |
Liferay DXP | =7.0-fix_pack_94 | |
Liferay DXP | =7.0-fix_pack_95 | |
Liferay DXP | =7.0-fix_pack_96 | |
Liferay DXP | =7.0-sp2 | |
Liferay DXP | =7.0-sp5 | |
Liferay DXP | =7.1 | |
Liferay DXP | =7.1-fix_pack_1 | |
Liferay DXP | =7.1-fix_pack_10 | |
Liferay DXP | =7.1-fix_pack_11 | |
Liferay DXP | =7.1-fix_pack_12 | |
Liferay DXP | =7.1-fix_pack_13 | |
Liferay DXP | =7.1-fix_pack_14 | |
Liferay DXP | =7.1-fix_pack_15 | |
Liferay DXP | =7.1-fix_pack_16 | |
Liferay DXP | =7.1-fix_pack_17 | |
Liferay DXP | =7.1-fix_pack_18 | |
Liferay DXP | =7.1-fix_pack_19 | |
Liferay DXP | =7.1-fix_pack_2 | |
Liferay DXP | =7.1-fix_pack_20 | |
Liferay DXP | =7.1-fix_pack_21 | |
Liferay DXP | =7.1-fix_pack_22 | |
Liferay DXP | =7.1-fix_pack_3 | |
Liferay DXP | =7.1-fix_pack_4 | |
Liferay DXP | =7.1-fix_pack_5 | |
Liferay DXP | =7.1-fix_pack_6 | |
Liferay DXP | =7.1-fix_pack_7 | |
Liferay DXP | =7.1-fix_pack_8 | |
Liferay DXP | =7.1-fix_pack_9 | |
Liferay DXP | =7.2 | |
Liferay DXP | =7.2-fix_pack_1 | |
Liferay DXP | =7.2-fix_pack_10 | |
Liferay DXP | =7.2-fix_pack_11 | |
Liferay DXP | =7.2-fix_pack_2 | |
Liferay DXP | =7.2-fix_pack_3 | |
Liferay DXP | =7.2-fix_pack_4 | |
Liferay DXP | =7.2-fix_pack_5 | |
Liferay DXP | =7.2-fix_pack_6 | |
Liferay DXP | =7.2-fix_pack_7 | |
Liferay DXP | =7.2-fix_pack_8 | |
Liferay DXP | =7.2-fix_pack_9 | |
Liferay DXP | =7.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The CVE ID is CVE-2021-29049.
The severity level is rated as medium with a CVSS score of 6.1.
Remote attackers can exploit this vulnerability by injecting arbitrary web script or HTML via the currentURL parameter.
Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12, and 7.3 before fix pack 1 are affected.
You can find more information about the vulnerability and its fix on the Liferay website and the Liferay official advisory page.