Description

Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.

Remediation

References

CVE-2021-29039

Related Vulnerabilities

MySQL CVE-2022-21307 Vulnerability (CVE-2022-21307)

WordPress Plugin Ultimate GDPR & CCPA Compliance Toolkit for WordPress Security Bypass (2.4)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40882)

WordPress Plugin WooPay-Inicis Cross-Site Scripting (1.1.3)

MySQL CVE-2020-14868 Vulnerability (CVE-2020-14868)

Severity

Medium

Classification

CVE-2021-29039 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities