First published: Wed Mar 02 2022
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell command.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay Liferay Portal | >=7.1.0, <=7.3.6 | |
Liferay Liferay Portal | =7.4.0 | |
Liferay Digital Experience Platform | =7.1 | |
Liferay Digital Experience Platform | =7.1-fix_pack_1 | |
Liferay Digital Experience Platform | =7.1-fix_pack_10 | |
Liferay Digital Experience Platform | =7.1-fix_pack_11 | |
Liferay Digital Experience Platform | =7.1-fix_pack_12 | |
Liferay Digital Experience Platform | =7.1-fix_pack_13 | |
Liferay Digital Experience Platform | =7.1-fix_pack_14 | |
Liferay Digital Experience Platform | =7.1-fix_pack_15 | |
Liferay Digital Experience Platform | =7.1-fix_pack_16 | |
Liferay Digital Experience Platform | =7.1-fix_pack_17 | |
Liferay Digital Experience Platform | =7.1-fix_pack_18 | |
Liferay Digital Experience Platform | =7.1-fix_pack_19 | |
Liferay Digital Experience Platform | =7.1-fix_pack_2 | |
Liferay Digital Experience Platform | =7.1-fix_pack_20 | |
Liferay Digital Experience Platform | =7.1-fix_pack_21 | |
Liferay Digital Experience Platform | =7.1-fix_pack_22 | |
Liferay Digital Experience Platform | =7.1-fix_pack_23 | |
Liferay Digital Experience Platform | =7.1-fix_pack_3 | |
Liferay Digital Experience Platform | =7.1-fix_pack_4 | |
Liferay Digital Experience Platform | =7.1-fix_pack_5 | |
Liferay Digital Experience Platform | =7.1-fix_pack_6 | |
Liferay Digital Experience Platform | =7.1-fix_pack_7 | |
Liferay Digital Experience Platform | =7.1-fix_pack_8 | |
Liferay Digital Experience Platform | =7.1-fix_pack_9 | |
Liferay Digital Experience Platform | =7.2 | |
Liferay Digital Experience Platform | =7.2-fix_pack_1 | |
Liferay Digital Experience Platform | =7.2-fix_pack_10 | |
Liferay Digital Experience Platform | =7.2-fix_pack_11 | |
Liferay Digital Experience Platform | =7.2-fix_pack_12 | |
Liferay Digital Experience Platform | =7.2-fix_pack_2 | |
Liferay Digital Experience Platform | =7.2-fix_pack_3 | |
Liferay Digital Experience Platform | =7.2-fix_pack_4 | |
Liferay Digital Experience Platform | =7.2-fix_pack_5 | |
Liferay Digital Experience Platform | =7.2-fix_pack_6 | |
Liferay Digital Experience Platform | =7.2-fix_pack_7 | |
Liferay Digital Experience Platform | =7.2-fix_pack_8 | |
Liferay Digital Experience Platform | =7.2-fix_pack_9 | |
Liferay Digital Experience Platform | =7.3 | |
Liferay Digital Experience Platform | =7.3-fix_pack_1 | |
The severity of CVE-2021-38269 is medium with a severity value of 5.4.
CVE-2021-38269 affects Liferay Portal versions 7.1.0 through 7.3.6 and Liferay DXP versions 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2.
Remote attackers can inject arbitrary web script or HTML via the output of a Gogo Shell command.
The CWE ID for CVE-2021-38269 is 79.
To fix CVE-2021-38269, update to the latest version of Liferay Portal (7.3.6 or higher) or Liferay DXP (7.1 fix pack 23 or higher, 7.2 fix pack 13 or higher, 7.3 fix pack 2 or higher).