Description

Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_redirect_web_internal_portlet_RedirectPortlet_destinationURL parameter.

Remediation

References

CVE-2021-29045

Related Vulnerabilities

WordPress Plugin Sidebar Adder 2 Cross-Site Scripting (2.0.0)

WordPress Plugin Redirection Cross-Site Request Forgery (1.1.3)

Oracle JRE CVE-2014-0460 Vulnerability (CVE-2014-0460)

WordPress 5.4.x Prototype Pollution (5.4 - 5.4.9)

WordPress Plugin Ultimate WordPress Auction Cross-Site Request Forgery (1.0.0)

Severity

Medium

Classification

CVE-2021-29045 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities