Description

Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_portlet_PortletConfigurationCSSPortlet_portletResource parameter.

Remediation

References

CVE-2021-33332

Related Vulnerabilities

Oracle JRE CVE-2023-21835 Vulnerability (CVE-2023-21835)

WordPress Plugin Contact Form 7 Database Addon-CFDB7 CSV Injection (1.2.5.5)

Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21690 )

WordPress 2.0.1 Denial of Service Vulnerability (0.6.2 - 2.0.1)

MySQL Resource Management Errors Vulnerability (CVE-2010-3677)

Severity

Medium

Classification

CVE-2021-33332 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities