Moderate severityNVD Advisory· Published May 17, 2021· Updated Aug 3, 2024

CVE-2021-29046

Description

Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_categories_admin_web_portlet_AssetCategoriesAdminPortlet_title parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
com.liferay.portal:release.dxp.bomMaven	>= 7.3.10.fp0, < 7.3.10.fp1	7.3.10.fp1

Affected products

Liferay/Liferay Portaldescription
ghsa-coords2 versions
pkg:maven/com.liferay.portal/release.dxp.bom pkg:maven/com.liferay.portal/release.portal.bom
>= 7.3.10.fp0, < 7.3.10.fp1+ 1 more
- (no CPE)range: >= 7.3.10.fp0, < 7.3.10.fp1
- (no CPE)

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-9g57-m5vf-qp73ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-29046ghsaADVISORY
liferay.comghsax_refsource_MISCWEB
portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743501ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000