Description

Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a modal window.

Remediation

References

CVE-2021-33326

Related Vulnerabilities

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-28129)

WordPress Plugin Redux Framework Multiple Cross-Site Scripting Vulnerabilities (3.6.0.2)

WordPress Plugin WP Domain Redirect SQL Injection (1.0)

WordPress Plugin Bookly #1 WordPress Booking Plugin (Lite Version) Cross-Site Scripting (14.4)

WordPress Plugin Visitors Online by BestWebSoft Cross-Site Scripting (0.9)

Severity

Medium

Classification

CVE-2021-33326 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities