Description

Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_portlet_PortletConfigurationCSSPortlet_portletResource parameter.

Remediation

References

CVE-2021-33332

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-4528)

Oracle JRE CVE-2023-21967 Vulnerability (CVE-2023-21967)

Django Improper Input Validation Vulnerability (CVE-2012-3443)

WordPress Plugin Contact Form Submissions Unspecified Vulnerability (1.6.3)

WordPress Plugin Simple File List Arbitrary File Deletion (4.2.7)

Severity

Medium

Classification

CVE-2021-33332 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities