GHSA-w28v-87g6-cjr6

Source

https://github.com/advisories/GHSA-w28v-87g6-cjr6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w28v-87g6-cjr6/GHSA-w28v-87g6-cjr6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w28v-87g6-cjr6

Aliases

CVE-2021-29049

Published

2022-05-24T22:01:39Z

Modified

2025-05-14T08:27:08.283757Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter

Details

Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter.

Database specific

{
    "nvd_published_at": "2021-06-09T19:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-14T07:51:34Z"
}

References

Affected packages

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0

Fixed

7.0.10.fp99

Affected versions

7.*

7.0.10.fp60

7.0.10.fp61

7.0.10.fp62

7.0.10.fp63

7.0.10.fp64

7.0.10.fp65

7.0.10.fp66

7.0.10.fp67

7.0.10.fp68

7.0.10.fp69

7.0.10.fp70

7.0.10.fp71

7.0.10.fp72

7.0.10.fp73

7.0.10.fp74

7.0.10.fp75

7.0.10.fp76

7.0.10.fp77

7.0.10.fp78

7.0.10.fp79

7.0.10.fp80

7.0.10.fp81

7.0.10.fp82

7.0.10.fp83

7.0.10.fp84

7.0.10.fp85

7.0.10.fp85-1

7.0.10.fp86

7.0.10.fp86-1

7.0.10.fp87

7.0.10.fp87-1

7.0.10.fp88

7.0.10.fp89

7.0.10.fp90

7.0.10.fp91

7.0.10.fp92

7.0.10.fp94

7.0.10.fp94-1

7.0.10.fp95

7.0.10.fp95-1

7.0.10.fp95-2

7.0.10.fp97

7.0.10.fp98

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.1.0

Fixed

7.1.10.fp23

Affected versions

7.*

7.1.10

7.1.10.fp1

7.1.10.fp2

7.1.10.fp3

7.1.10.fp4

7.1.10.fp5

7.1.10.fp6

7.1.10.fp7

7.1.10.fp8

7.1.10.fp9

7.1.10.fp10

7.1.10.fp11

7.1.10.fp12

7.1.10.fp13

7.1.10.fp14

7.1.10.fp15

7.1.10.fp16

7.1.10.fp17

7.1.10.fp18

7.1.10.fp19

7.1.10.fp20

7.1.10.fp22

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.2.0

Fixed

7.2.10.fp12

Affected versions

7.*

7.2.1

7.2.10

7.2.10.fp1

7.2.10.fp1-1

7.2.10.fp2

7.2.10.fp3

7.2.10.fp4

7.2.10.fp5

7.2.10.fp6

7.2.10.fp7

7.2.10.fp8

7.2.10.fp9

7.2.10.fp10

7.2.10.fp11

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.3.0

Fixed

7.3.10.fp1

Affected versions

7.*

7.3.10

7.3.10.ep3

7.3.10.ep4

7.3.10.ep5