Moderate severityNVD Advisory· Published Jun 9, 2021· Updated Aug 3, 2024

CVE-2021-29049

Description

Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
com.liferay.portal:release.dxp.bomMaven	>= 7.0, < 7.0.10.fp99	7.0.10.fp99
com.liferay.portal:release.dxp.bomMaven	>= 7.1.0, < 7.1.10.fp23	7.1.10.fp23
com.liferay.portal:release.dxp.bomMaven	>= 7.2.0, < 7.2.10.fp12	7.2.10.fp12
com.liferay.portal:release.dxp.bomMaven	>= 7.3.0, < 7.3.10.fp1	7.3.10.fp1

Affected products

Liferay/DXPdescription
ghsa-coords
pkg:maven/com.liferay.portal/release.dxp.bom
Range: >= 7.0, < 7.0.10.fp99

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-w28v-87g6-cjr6ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-29049ghsaADVISORY
liferay.comghsax_refsource_MISCWEB
issues.liferay.com/browse/LPE-17211ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000