Description

Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.

Remediation

References

CVE-2021-29039

Related Vulnerabilities

Microsoft SQL Server CVE-2023-38169 Vulnerability (CVE-2023-38169)

MySQL CVE-2017-3649 Vulnerability (CVE-2017-3649)

WordPress Plugin Captcha by BestWebSoft Security Bypass (3.8.7)

WordPress Plugin to Manage/Design WordPress Blog-WP Blog Manager Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.0)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1832)

Severity

Medium

Classification

CVE-2021-29039 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities