Moderate severityNVD Advisory· Published Aug 4, 2021· Updated Aug 3, 2024
CVE-2021-33336
CVE-2021-33336
Description
Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_journal_web_portlet_JournalPortlet_name parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.liferay.portal:release.portal.bomMaven | >= 7.3.0, < 7.3.4 | 7.3.4 |
com.liferay.portal:release.dxp.bomMaven | >= 7.1.0, < 7.1.10.fp18 | 7.1.10.fp18 |
com.liferay.portal:release.dxp.bomMaven | >= 7.2.10.fp5, < 7.2.10.fp7 | 7.2.10.fp7 |
Affected products
3- Liferay/Liferay Portaldescription
- ghsa-coords2 versions
>= 7.1.0, < 7.1.10.fp18+ 1 more
- (no CPE)range: >= 7.1.0, < 7.1.10.fp18
- (no CPE)range: >= 7.3.0, < 7.3.4
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-fvg6-9r88-7w85ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-33336ghsaADVISORY
- issues.liferay.com/browse/LPE-17078ghsax_refsource_CONFIRMWEB
- portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-33336-stored-xss-with-structure-nameghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.