What is the severity of CVE-2021-33328?

The severity of CVE-2021-33328 is classified as high due to the potential for remote code execution through cross-site scripting (XSS).

How do I fix CVE-2021-33328?

To fix CVE-2021-33328, update Liferay Portal to a version later than 7.3.4 or apply the appropriate fix packs for Liferay DXP 7.0, 7.1, or 7.2.

Which versions are affected by CVE-2021-33328?

CVE-2021-33328 affects Liferay Portal versions from 7.0.0 through 7.3.4 and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9.

What is the impact of CVE-2021-33328?

The impact of CVE-2021-33328 allows remote attackers to inject arbitrary web scripts or HTML, potentially leading to data theft or unauthorized actions.

How can I mitigate the risks associated with CVE-2021-33328?

The best way to mitigate the risks of CVE-2021-33328 is to immediately upgrade to the patched versions or apply the identified fix packs from Liferay.

Vulnerability/
CVE-2021-33328

medium

5.4

CWE

3/8/2021

3/8/2024

CVE-2021-33328: XSS

First published: Tue Aug 03 2021(Updated: )

Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the (1) _com_liferay_journal_web_portlet_JournalPortlet_name or (2) _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Liferay 7.4 GA	=7.0
Liferay 7.4 GA	=7.0-fix_pack_13
Liferay 7.4 GA	=7.0-fix_pack_14
Liferay 7.4 GA	=7.0-fix_pack_24
Liferay 7.4 GA	=7.0-fix_pack_25
Liferay 7.4 GA	=7.0-fix_pack_26
Liferay 7.4 GA	=7.0-fix_pack_27
Liferay 7.4 GA	=7.0-fix_pack_28
Liferay 7.4 GA	=7.0-fix_pack_3\+
Liferay 7.4 GA	=7.0-fix_pack_30
Liferay 7.4 GA	=7.0-fix_pack_33
Liferay 7.4 GA	=7.0-fix_pack_35
Liferay 7.4 GA	=7.0-fix_pack_36
Liferay 7.4 GA	=7.0-fix_pack_39
Liferay 7.4 GA	=7.0-fix_pack_40
Liferay 7.4 GA	=7.0-fix_pack_41
Liferay 7.4 GA	=7.0-fix_pack_42
Liferay 7.4 GA	=7.0-fix_pack_43
Liferay 7.4 GA	=7.0-fix_pack_44
Liferay 7.4 GA	=7.0-fix_pack_45
Liferay 7.4 GA	=7.0-fix_pack_46
Liferay 7.4 GA	=7.0-fix_pack_47
Liferay 7.4 GA	=7.0-fix_pack_48
Liferay 7.4 GA	=7.0-fix_pack_49
Liferay 7.4 GA	=7.0-fix_pack_50
Liferay 7.4 GA	=7.0-fix_pack_51
Liferay 7.4 GA	=7.0-fix_pack_52
Liferay 7.4 GA	=7.0-fix_pack_53
Liferay 7.4 GA	=7.0-fix_pack_54
Liferay 7.4 GA	=7.0-fix_pack_56
Liferay 7.4 GA	=7.0-fix_pack_57
Liferay 7.4 GA	=7.0-fix_pack_58
Liferay 7.4 GA	=7.0-fix_pack_59
Liferay 7.4 GA	=7.0-fix_pack_60
Liferay 7.4 GA	=7.0-fix_pack_61
Liferay 7.4 GA	=7.0-fix_pack_64
Liferay 7.4 GA	=7.0-fix_pack_65
Liferay 7.4 GA	=7.0-fix_pack_66
Liferay 7.4 GA	=7.0-fix_pack_67
Liferay 7.4 GA	=7.0-fix_pack_68
Liferay 7.4 GA	=7.0-fix_pack_69
Liferay 7.4 GA	=7.0-fix_pack_70
Liferay 7.4 GA	=7.0-fix_pack_71
Liferay 7.4 GA	=7.0-fix_pack_72
Liferay 7.4 GA	=7.0-fix_pack_73
Liferay 7.4 GA	=7.0-fix_pack_75
Liferay 7.4 GA	=7.0-fix_pack_76
Liferay 7.4 GA	=7.0-fix_pack_78
Liferay 7.4 GA	=7.0-fix_pack_79
Liferay 7.4 GA	=7.0-fix_pack_80
Liferay 7.4 GA	=7.0-fix_pack_81
Liferay 7.4 GA	=7.0-fix_pack_82
Liferay 7.4 GA	=7.0-fix_pack_83
Liferay 7.4 GA	=7.0-fix_pack_84
Liferay 7.4 GA	=7.0-fix_pack_85
Liferay 7.4 GA	=7.0-fix_pack_86
Liferay 7.4 GA	=7.0-fix_pack_87
Liferay 7.4 GA	=7.0-fix_pack_88
Liferay 7.4 GA	=7.0-fix_pack_89
Liferay 7.4 GA	=7.0-fix_pack_90
Liferay 7.4 GA	=7.0-fix_pack_91
Liferay 7.4 GA	=7.0-fix_pack_92
Liferay 7.4 GA	=7.0-fix_pack_93
Liferay 7.4 GA	=7.0-fix_pack_94
Liferay 7.4 GA	=7.0-fix_pack_95
Liferay 7.4 GA	=7.1
Liferay 7.4 GA	=7.1-fix_pack_1
Liferay 7.4 GA	=7.1-fix_pack_10
Liferay 7.4 GA	=7.1-fix_pack_11
Liferay 7.4 GA	=7.1-fix_pack_12
Liferay 7.4 GA	=7.1-fix_pack_13
Liferay 7.4 GA	=7.1-fix_pack_14
Liferay 7.4 GA	=7.1-fix_pack_15
Liferay 7.4 GA	=7.1-fix_pack_16
Liferay 7.4 GA	=7.1-fix_pack_17
Liferay 7.4 GA	=7.1-fix_pack_18
Liferay 7.4 GA	=7.1-fix_pack_19
Liferay 7.4 GA	=7.1-fix_pack_2
Liferay 7.4 GA	=7.1-fix_pack_3
Liferay 7.4 GA	=7.1-fix_pack_4
Liferay 7.4 GA	=7.1-fix_pack_5
Liferay 7.4 GA	=7.1-fix_pack_6
Liferay 7.4 GA	=7.1-fix_pack_7
Liferay 7.4 GA	=7.1-fix_pack_8
Liferay 7.4 GA	=7.1-fix_pack_9
Liferay 7.4 GA	=7.2
Liferay 7.4 GA	=7.2-fix_pack_1
Liferay 7.4 GA	=7.2-fix_pack_2
Liferay 7.4 GA	=7.2-fix_pack_3
Liferay 7.4 GA	=7.2-fix_pack_4
Liferay 7.4 GA	=7.2-fix_pack_5
Liferay 7.4 GA	=7.2-fix_pack_6
Liferay 7.4 GA	=7.2-fix_pack_7
Liferay 7.4 GA	=7.2-fix_pack_8
Liferay 7.4 GA	>=7.0.0<7.3.5

Remedy

https://issues.liferay.com/browse/LPE-17100

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-33328?
The severity of CVE-2021-33328 is classified as high due to the potential for remote code execution through cross-site scripting (XSS).
How do I fix CVE-2021-33328?
To fix CVE-2021-33328, update Liferay Portal to a version later than 7.3.4 or apply the appropriate fix packs for Liferay DXP 7.0, 7.1, or 7.2.
Which versions are affected by CVE-2021-33328?
CVE-2021-33328 affects Liferay Portal versions from 7.0.0 through 7.3.4 and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9.
What is the impact of CVE-2021-33328?
The impact of CVE-2021-33328 allows remote attackers to inject arbitrary web scripts or HTML, potentially leading to data theft or unauthorized actions.
How can I mitigate the risks associated with CVE-2021-33328?
The best way to mitigate the risks of CVE-2021-33328 is to immediately upgrade to the patched versions or apply the identified fix packs from Liferay.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/remedy
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
vendor/liferay
canonical/liferay 7.4 ga
version/liferay 7.4 ga/7.0
version/liferay 7.4 ga/7.0-fix_pack_13
version/liferay 7.4 ga/7.0-fix_pack_14
version/liferay 7.4 ga/7.0-fix_pack_24
version/liferay 7.4 ga/7.0-fix_pack_25
version/liferay 7.4 ga/7.0-fix_pack_26
version/liferay 7.4 ga/7.0-fix_pack_27
version/liferay 7.4 ga/7.0-fix_pack_28
version/liferay 7.4 ga/7.0-fix_pack_3\+
version/liferay 7.4 ga/7.0-fix_pack_30
version/liferay 7.4 ga/7.0-fix_pack_33
version/liferay 7.4 ga/7.0-fix_pack_35
version/liferay 7.4 ga/7.0-fix_pack_36
version/liferay 7.4 ga/7.0-fix_pack_39
version/liferay 7.4 ga/7.0-fix_pack_40
version/liferay 7.4 ga/7.0-fix_pack_41
version/liferay 7.4 ga/7.0-fix_pack_42
version/liferay 7.4 ga/7.0-fix_pack_43
version/liferay 7.4 ga/7.0-fix_pack_44
version/liferay 7.4 ga/7.0-fix_pack_45
version/liferay 7.4 ga/7.0-fix_pack_46
version/liferay 7.4 ga/7.0-fix_pack_47
version/liferay 7.4 ga/7.0-fix_pack_48
version/liferay 7.4 ga/7.0-fix_pack_49
version/liferay 7.4 ga/7.0-fix_pack_50
version/liferay 7.4 ga/7.0-fix_pack_51
version/liferay 7.4 ga/7.0-fix_pack_52
version/liferay 7.4 ga/7.0-fix_pack_53
version/liferay 7.4 ga/7.0-fix_pack_54
version/liferay 7.4 ga/7.0-fix_pack_56
version/liferay 7.4 ga/7.0-fix_pack_57
version/liferay 7.4 ga/7.0-fix_pack_58
version/liferay 7.4 ga/7.0-fix_pack_59
version/liferay 7.4 ga/7.0-fix_pack_60
version/liferay 7.4 ga/7.0-fix_pack_61
version/liferay 7.4 ga/7.0-fix_pack_64
version/liferay 7.4 ga/7.0-fix_pack_65
version/liferay 7.4 ga/7.0-fix_pack_66
version/liferay 7.4 ga/7.0-fix_pack_67
version/liferay 7.4 ga/7.0-fix_pack_68
version/liferay 7.4 ga/7.0-fix_pack_69
version/liferay 7.4 ga/7.0-fix_pack_70
version/liferay 7.4 ga/7.0-fix_pack_71
version/liferay 7.4 ga/7.0-fix_pack_72
version/liferay 7.4 ga/7.0-fix_pack_73
version/liferay 7.4 ga/7.0-fix_pack_75
version/liferay 7.4 ga/7.0-fix_pack_76
version/liferay 7.4 ga/7.0-fix_pack_78
version/liferay 7.4 ga/7.0-fix_pack_79
version/liferay 7.4 ga/7.0-fix_pack_80
version/liferay 7.4 ga/7.0-fix_pack_81
version/liferay 7.4 ga/7.0-fix_pack_82
version/liferay 7.4 ga/7.0-fix_pack_83
version/liferay 7.4 ga/7.0-fix_pack_84
version/liferay 7.4 ga/7.0-fix_pack_85
version/liferay 7.4 ga/7.0-fix_pack_86
version/liferay 7.4 ga/7.0-fix_pack_87
version/liferay 7.4 ga/7.0-fix_pack_88
version/liferay 7.4 ga/7.0-fix_pack_89
version/liferay 7.4 ga/7.0-fix_pack_90
version/liferay 7.4 ga/7.0-fix_pack_91
version/liferay 7.4 ga/7.0-fix_pack_92
version/liferay 7.4 ga/7.0-fix_pack_93
version/liferay 7.4 ga/7.0-fix_pack_94
version/liferay 7.4 ga/7.0-fix_pack_95
version/liferay 7.4 ga/7.1
version/liferay 7.4 ga/7.1-fix_pack_1
version/liferay 7.4 ga/7.1-fix_pack_10
version/liferay 7.4 ga/7.1-fix_pack_11
version/liferay 7.4 ga/7.1-fix_pack_12
version/liferay 7.4 ga/7.1-fix_pack_13
version/liferay 7.4 ga/7.1-fix_pack_14
version/liferay 7.4 ga/7.1-fix_pack_15
version/liferay 7.4 ga/7.1-fix_pack_16
version/liferay 7.4 ga/7.1-fix_pack_17
version/liferay 7.4 ga/7.1-fix_pack_18
version/liferay 7.4 ga/7.1-fix_pack_19
version/liferay 7.4 ga/7.1-fix_pack_2
version/liferay 7.4 ga/7.1-fix_pack_3
version/liferay 7.4 ga/7.1-fix_pack_4
version/liferay 7.4 ga/7.1-fix_pack_5
version/liferay 7.4 ga/7.1-fix_pack_6
version/liferay 7.4 ga/7.1-fix_pack_7
version/liferay 7.4 ga/7.1-fix_pack_8
version/liferay 7.4 ga/7.1-fix_pack_9
version/liferay 7.4 ga/7.2
version/liferay 7.4 ga/7.2-fix_pack_1
version/liferay 7.4 ga/7.2-fix_pack_2
version/liferay 7.4 ga/7.2-fix_pack_3
version/liferay 7.4 ga/7.2-fix_pack_4
version/liferay 7.4 ga/7.2-fix_pack_5
version/liferay 7.4 ga/7.2-fix_pack_6
version/liferay 7.4 ga/7.2-fix_pack_7
version/liferay 7.4 ga/7.2-fix_pack_8
version/liferay 7.4 ga/7.0.0