First published: Tue Aug 03 2021
Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a modal window.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | =7.0 | |
Liferay DXP | =7.0-fix_pack_13 | |
Liferay DXP | =7.0-fix_pack_14 | |
Liferay DXP | =7.0-fix_pack_24 | |
Liferay DXP | =7.0-fix_pack_25 | |
Liferay DXP | =7.0-fix_pack_26 | |
Liferay DXP | =7.0-fix_pack_27 | |
Liferay DXP | =7.0-fix_pack_28 | |
Liferay DXP | =7.0-fix_pack_3\+ | |
Liferay DXP | =7.0-fix_pack_30 | |
Liferay DXP | =7.0-fix_pack_33 | |
Liferay DXP | =7.0-fix_pack_35 | |
Liferay DXP | =7.0-fix_pack_36 | |
Liferay DXP | =7.0-fix_pack_39 | |
Liferay DXP | =7.0-fix_pack_40 | |
Liferay DXP | =7.0-fix_pack_41 | |
Liferay DXP | =7.0-fix_pack_42 | |
Liferay DXP | =7.0-fix_pack_43 | |
Liferay DXP | =7.0-fix_pack_44 | |
Liferay DXP | =7.0-fix_pack_45 | |
Liferay DXP | =7.0-fix_pack_46 | |
Liferay DXP | =7.0-fix_pack_47 | |
Liferay DXP | =7.0-fix_pack_48 | |
Liferay DXP | =7.0-fix_pack_49 | |
Liferay DXP | =7.0-fix_pack_50 | |
Liferay DXP | =7.0-fix_pack_51 | |
Liferay DXP | =7.0-fix_pack_52 | |
Liferay DXP | =7.0-fix_pack_53 | |
Liferay DXP | =7.0-fix_pack_54 | |
Liferay DXP | =7.0-fix_pack_56 | |
Liferay DXP | =7.0-fix_pack_57 | |
Liferay DXP | =7.0-fix_pack_58 | |
Liferay DXP | =7.0-fix_pack_59 | |
Liferay DXP | =7.0-fix_pack_60 | |
Liferay DXP | =7.0-fix_pack_61 | |
Liferay DXP | =7.0-fix_pack_64 | |
Liferay DXP | =7.0-fix_pack_65 | |
Liferay DXP | =7.0-fix_pack_66 | |
Liferay DXP | =7.0-fix_pack_67 | |
Liferay DXP | =7.0-fix_pack_68 | |
Liferay DXP | =7.0-fix_pack_69 | |
Liferay DXP | =7.0-fix_pack_70 | |
Liferay DXP | =7.0-fix_pack_71 | |
Liferay DXP | =7.0-fix_pack_72 | |
Liferay DXP | =7.0-fix_pack_73 | |
Liferay DXP | =7.0-fix_pack_75 | |
Liferay DXP | =7.0-fix_pack_76 | |
Liferay DXP | =7.0-fix_pack_78 | |
Liferay DXP | =7.0-fix_pack_79 | |
Liferay DXP | =7.0-fix_pack_80 | |
Liferay DXP | =7.0-fix_pack_81 | |
Liferay DXP | =7.0-fix_pack_82 | |
Liferay DXP | =7.0-fix_pack_83 | |
Liferay DXP | =7.0-fix_pack_84 | |
Liferay DXP | =7.0-fix_pack_85 | |
Liferay DXP | =7.0-fix_pack_86 | |
Liferay DXP | =7.0-fix_pack_87 | |
Liferay DXP | =7.0-fix_pack_88 | |
Liferay DXP | =7.0-fix_pack_89 | |
Liferay DXP | =7.0-fix_pack_90 | |
Liferay DXP | =7.0-fix_pack_91 | |
Liferay DXP | =7.0-fix_pack_92 | |
Liferay DXP | =7.0-fix_pack_93 | |
Liferay DXP | =7.0-fix_pack_94 | |
Liferay DXP | =7.0-fix_pack_95 | |
Liferay DXP | =7.1 | |
Liferay DXP | =7.1-fix_pack_1 | |
Liferay DXP | =7.1-fix_pack_10 | |
Liferay DXP | =7.1-fix_pack_11 | |
Liferay DXP | =7.1-fix_pack_12 | |
Liferay DXP | =7.1-fix_pack_13 | |
Liferay DXP | =7.1-fix_pack_14 | |
Liferay DXP | =7.1-fix_pack_15 | |
Liferay DXP | =7.1-fix_pack_16 | |
Liferay DXP | =7.1-fix_pack_17 | |
Liferay DXP | =7.1-fix_pack_18 | |
Liferay DXP | =7.1-fix_pack_19 | |
Liferay DXP | =7.1-fix_pack_2 | |
Liferay DXP | =7.1-fix_pack_3 | |
Liferay DXP | =7.1-fix_pack_4 | |
Liferay DXP | =7.1-fix_pack_5 | |
Liferay DXP | =7.1-fix_pack_6 | |
Liferay DXP | =7.1-fix_pack_7 | |
Liferay DXP | =7.1-fix_pack_8 | |
Liferay DXP | =7.1-fix_pack_9 | |
Liferay DXP | =7.2 | |
Liferay DXP | =7.2-fix_pack_1 | |
Liferay DXP | =7.2-fix_pack_2 | |
Liferay DXP | =7.2-fix_pack_3 | |
Liferay DXP | =7.2-fix_pack_4 | |
Liferay DXP | =7.2-fix_pack_5 | |
Liferay DXP | =7.2-fix_pack_6 | |
Liferay DXP | =7.2-fix_pack_7 | |
Liferay DXP | =7.2-fix_pack_8 | |
Liferay Portal | <7.3.5 | |
CVE-2021-33326 is the CVE ID for this cross-site scripting (XSS) vulnerability.
The cross-site scripting (XSS) vulnerability affects Liferay Portal 7.3.4 and earlier, as well as Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9.
The vulnerability allows remote attackers to inject arbitrary web script or HTML via the title of a modal window, posing a medium severity risk with a CVSS score of 6.1.
Users can mitigate the impact of this vulnerability by applying the necessary fix packs provided by Liferay for the affected versions.
For more information about this vulnerability, you can refer to the official references provided by Liferay in relation to CVE-2021-33326.