CVE-2021-29044

Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_my_sites_web_portlet_MySitesPortlet_comments parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
liferaydigital_experience_platform
7.0
liferaydigital_experience_platform
7.0:fix_pack_13
liferaydigital_experience_platform
7.0:fix_pack_14
liferaydigital_experience_platform
7.0:fix_pack_24
liferaydigital_experience_platform
7.0:fix_pack_25
liferaydigital_experience_platform
7.0:fix_pack_26
liferaydigital_experience_platform
7.0:fix_pack_27
liferaydigital_experience_platform
7.0:fix_pack_28
liferaydigital_experience_platform
7.0:fix_pack_3
liferaydigital_experience_platform
7.0:fix_pack_30
liferaydigital_experience_platform
7.0:fix_pack_33
liferaydigital_experience_platform
7.0:fix_pack_35
liferaydigital_experience_platform
7.0:fix_pack_36
liferaydigital_experience_platform
7.0:fix_pack_39
liferaydigital_experience_platform
7.0:fix_pack_40
liferaydigital_experience_platform
7.0:fix_pack_41
liferaydigital_experience_platform
7.0:fix_pack_42
liferaydigital_experience_platform
7.0:fix_pack_43
liferaydigital_experience_platform
7.0:fix_pack_44
liferaydigital_experience_platform
7.0:fix_pack_45
liferaydigital_experience_platform
7.0:fix_pack_46
liferaydigital_experience_platform
7.0:fix_pack_47
liferaydigital_experience_platform
7.0:fix_pack_48
liferaydigital_experience_platform
7.0:fix_pack_49
liferaydigital_experience_platform
7.0:fix_pack_50
liferaydigital_experience_platform
7.0:fix_pack_51
liferaydigital_experience_platform
7.0:fix_pack_52
liferaydigital_experience_platform
7.0:fix_pack_53
liferaydigital_experience_platform
7.0:fix_pack_54
liferaydigital_experience_platform
7.0:fix_pack_56
liferaydigital_experience_platform
7.0:fix_pack_57
liferaydigital_experience_platform
7.0:fix_pack_58
liferaydigital_experience_platform
7.0:fix_pack_59
liferaydigital_experience_platform
7.0:fix_pack_60
liferaydigital_experience_platform
7.0:fix_pack_61
liferaydigital_experience_platform
7.0:fix_pack_64
liferaydigital_experience_platform
7.0:fix_pack_65
liferaydigital_experience_platform
7.0:fix_pack_66
liferaydigital_experience_platform
7.0:fix_pack_67
liferaydigital_experience_platform
7.0:fix_pack_68
liferaydigital_experience_platform
7.0:fix_pack_69
liferaydigital_experience_platform
7.0:fix_pack_70
liferaydigital_experience_platform
7.0:fix_pack_71
liferaydigital_experience_platform
7.0:fix_pack_72
liferaydigital_experience_platform
7.0:fix_pack_73
liferaydigital_experience_platform
7.0:fix_pack_75
liferaydigital_experience_platform
7.0:fix_pack_76
liferaydigital_experience_platform
7.0:fix_pack_78
liferaydigital_experience_platform
7.0:fix_pack_79
liferaydigital_experience_platform
7.0:fix_pack_80
liferaydigital_experience_platform
7.0:fix_pack_81
liferaydigital_experience_platform
7.0:fix_pack_82
liferaydigital_experience_platform
7.0:fix_pack_83
liferaydigital_experience_platform
7.0:fix_pack_84
liferaydigital_experience_platform
7.0:fix_pack_85
liferaydigital_experience_platform
7.0:fix_pack_86
liferaydigital_experience_platform
7.0:fix_pack_87
liferaydigital_experience_platform
7.0:fix_pack_88
liferaydigital_experience_platform
7.0:fix_pack_89
liferaydigital_experience_platform
7.0:fix_pack_90
liferaydigital_experience_platform
7.0:fix_pack_91
liferaydigital_experience_platform
7.0:fix_pack_92
liferaydigital_experience_platform
7.0:fix_pack_93
liferaydigital_experience_platform
7.0:fix_pack_94
liferaydigital_experience_platform
7.0:fix_pack_95
liferaydigital_experience_platform
7.0:fix_pack_96
liferaydigital_experience_platform
7.1:fix_pack_1
liferaydigital_experience_platform
7.1:fix_pack_10
liferaydigital_experience_platform
7.1:fix_pack_11
liferaydigital_experience_platform
7.1:fix_pack_12
liferaydigital_experience_platform
7.1:fix_pack_13
liferaydigital_experience_platform
7.1:fix_pack_14
liferaydigital_experience_platform
7.1:fix_pack_15
liferaydigital_experience_platform
7.1:fix_pack_16
liferaydigital_experience_platform
7.1:fix_pack_17
liferaydigital_experience_platform
7.1:fix_pack_18
liferaydigital_experience_platform
7.1:fix_pack_19
liferaydigital_experience_platform
7.1:fix_pack_2
liferaydigital_experience_platform
7.1:fix_pack_20
liferaydigital_experience_platform
7.1:fix_pack_3
liferaydigital_experience_platform
7.1:fix_pack_4
liferaydigital_experience_platform
7.1:fix_pack_5
liferaydigital_experience_platform
7.1:fix_pack_6
liferaydigital_experience_platform
7.1:fix_pack_7
liferaydigital_experience_platform
7.1:fix_pack_8
liferaydigital_experience_platform
7.1:fix_pack_9
liferaydigital_experience_platform
7.2
liferaydigital_experience_platform
7.2:fix_pack_1
liferaydigital_experience_platform
7.2:fix_pack_2
liferaydigital_experience_platform
7.2:fix_pack_3
liferaydigital_experience_platform
7.2:fix_pack_4
liferaydigital_experience_platform
7.2:fix_pack_5
liferaydigital_experience_platform
7.2:fix_pack_6
liferaydigital_experience_platform
7.2:fix_pack_7
liferaydigital_experience_platform
7.2:fix_pack_8
liferaydigital_experience_platform
7.2:fix_pack_9
liferaydxp
7.3
liferayliferay_portal
7.0.0 ≤
𝑥
≤ 7.3.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://liferay.com
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548
http://liferay.com
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743548