fkie_nvd - fkie_cve-2021-29048

fkie_cve-2021-29048

Vulnerability from fkie_nvd

Published

2021-05-17 12:15

Modified

2024-11-21 06:00

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name parameter.

References

URL	Tags
cve@mitre.org	http://liferay.com	Vendor Advisory
cve@mitre.org	https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://liferay.com	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601	Vendor Advisory

Impacted products

Vendor	Product	Version
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.2
liferay	dxp	7.3
liferay	liferay_portal	7.3.4
liferay	liferay_portal	7.3.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "8CAAE1B7-982E-4D50-9651-DEEE6CD74EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*",
              "matchCriteriaId": "AFCF99EC-3384-418D-A419-B9DB607BE371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_10:*:*:*:*:*:*",
              "matchCriteriaId": "F7CAAF53-AA8E-48CB-9398-35461BE590C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*",
              "matchCriteriaId": "31E05134-A0C5-4937-A228-7D0884276B67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*",
              "matchCriteriaId": "3F06C4AD-FD20-4345-8386-0895312F0A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*",
              "matchCriteriaId": "98CC25E2-EC3D-43A2-8D03-06F0E804EA63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*",
              "matchCriteriaId": "30933C36-C710-488F-9601-EE1BB749C58A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*",
              "matchCriteriaId": "41E94372-A1AE-48B1-82DC-08B7B616473F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:*",
              "matchCriteriaId": "51FBC8E0-34F8-475C-A1A8-571791CA05F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:*",
              "matchCriteriaId": "1E73EAEA-FA88-46B9-B9D5-A41603957AD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_9:*:*:*:*:*:*",
              "matchCriteriaId": "CF9BC654-4E3F-4B40-A6E5-79A818A51BED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*",
              "matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:liferay_portal:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C673509-5436-44DF-AFCE-BE5C3188D62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:liferay:liferay_portal:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B842A08-1EDB-4232-89C9-9B966E251B3B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Layout module\u0027s page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name parameter."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en la p\u00e1gina de administraci\u00f3n page del m\u00f3dulo Layout en Liferay Portal versiones 7.3.4, 7.3.5 y Liferay DXP versiones 7.2 anteriores a fixpack 11 y versiones 7.3 anteriores a fixpack 1, permite a atacantes remotos inyectar un script web o HTML arbitrario por medio del par\u00e1metro _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name"
    }
  ],
  "id": "CVE-2021-29048",
  "lastModified": "2024-11-21T06:00:35.617",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-17T12:15:07.427",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://liferay.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://liferay.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743601"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2021-29048

Vulnerability from cvelistv5

Published

2021-05-17 11:08

Modified

2024-08-03 21:55