GHSA-v88g-7fx4-9q7f

Source

https://github.com/advisories/GHSA-v88g-7fx4-9q7f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v88g-7fx4-9q7f/GHSA-v88g-7fx4-9q7f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-v88g-7fx4-9q7f

Aliases

CVE-2021-33337

Published

2022-05-24T19:10:00Z

Modified

2025-07-14T18:59:35.977378Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Document Library module

Details

Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu versions 5.0.6 to before 5.0.54, in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the comliferaydocumentlibrarywebportletDLAdminPortletname parameter.

Database specific

{
    "nvd_published_at": "2021-08-04T14:15:00Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-14T17:46:41Z"
}

References

Affected packages

Maven / com.liferay:com.liferay.document.library.web

Package

Name: com.liferay:com.liferay.document.library.web; View open source insights on deps.dev
Purl: pkg:maven/com.liferay/com.liferay.document.library.web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.6

Fixed

5.0.54

Affected versions

5.*

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.0.11

5.0.12

5.0.13

5.0.14

5.0.15

5.0.16

5.0.17

5.0.18

5.0.19

5.0.20

5.0.21

5.0.22

5.0.23

5.0.24

5.0.25

5.0.26

5.0.27

5.0.28

5.0.29

5.0.30

5.0.31

5.0.32

5.0.33

5.0.34

5.0.35

5.0.36

5.0.37

5.0.38

5.0.39

5.0.40

5.0.41

5.0.42

5.0.43

5.0.44

5.0.45

5.0.46

5.0.47

5.0.48

5.0.49

5.0.50

5.0.51

5.0.52

5.0.53

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.1.0

Fixed

7.1.10.fp20

Affected versions

7.*

7.1.10

7.1.10.fp1

7.1.10.fp2

7.1.10.fp3

7.1.10.fp4

7.1.10.fp5

7.1.10.fp6

7.1.10.fp7

7.1.10.fp8

7.1.10.fp9

7.1.10.fp10

7.1.10.fp11

7.1.10.fp12

7.1.10.fp13

7.1.10.fp14

7.1.10.fp15

7.1.10.fp16

7.1.10.fp17

7.1.10.fp18

7.1.10.fp19

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.2.0

Fixed

7.2.10.fp9

Affected versions

7.*

7.2.1

7.2.10

7.2.10.fp1

7.2.10.fp1-1

7.2.10.fp2

7.2.10.fp3

7.2.10.fp4

7.2.10.fp5

7.2.10.fp6

7.2.10.fp7

7.2.10.fp8