CVE-2021-33337

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-33337

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33337.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-33337

Published

2021-08-04T14:15:08Z

Modified

2025-03-04T11:06:22.934775Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the comliferaydocumentlibrarywebportletDLAdminPortletname parameter.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Last affected

0ac7dd652f3cac9b7880e6dea92912b2d02dca3a

Last affected

59148a8775a2b2345694a023683d95b478c483c6

Introduced

b072f5df5544a28677824835b490ce8a867bf133

Last affected

6d28f4266948e7b0eeb14c3e8d16b3d81e02e8bb

Last affected

a3f823cf755fcf3660cd6c2c334840e9596ced9e

Last affected

ded0e9390637985231e962e4ad4cfa4639eabb26

Affected versions

7.*

7.3.0-ga1

7.3.1-ga2

7.3.2-ga3

7.3.3-ga4

7.3.4-ga5

Other

test-fix-pack-base-7310