CVE-2021-29045

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.3.5 Liferay DXP 7.3 before fix pack 1

Description: A cross-site scripting (XSS) issue exists in the Redirect module's redirection administration page, allowing remote attackers to inject arbitrary web script or HTML via the com liferay redirect web internal portlet RedirectPortlet destinationURL parameter. This enables attackers to execute malicious scripts on the client-side.

Recommendations: For Liferay Portal versions 7.3.2 through 7.3.5, update to a version after 7.3.5 or apply the necessary fix. For Liferay DXP 7.3 before fix pack 1, apply fix pack 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the com liferay redirect web internal portlet RedirectPortlet destinationURL parameter in the Redirect module's redirection administration page to minimize the risk of exploitation.