Description

Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.

Remediation

References

CVE-2021-29039

Related Vulnerabilities

OpenVPN AS Divide By Zero Vulnerability (CVE-2023-46849)

SharePoint Other Vulnerability (CVE-2014-6357)

Oracle JRE CVE-2012-5087 Vulnerability (CVE-2012-5087)

WordPress Plugin OSD Subscribe Cross-Site Scripting (1.2.3)

WordPress Deserialization of Untrusted Data Vulnerability (CVE-2020-36326)

Severity

Medium

Classification

CVE-2021-29039 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities