PT-2022-10703 · Liferay · Liferay Portal+1
Published
2022-03-02
·
Updated
2024-01-31
·
CVE-2021-38263
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Liferay Portal versions prior to 7.3.2
Liferay DXP versions prior to 7.0 fix pack 101
Liferay DXP versions prior to 7.1 fix pack 20
Liferay DXP versions prior to 7.2 fix pack 10
Description
A cross-site scripting (XSS) issue exists in the Server module's script console, allowing remote attackers to inject arbitrary web script or HTML via the output of a script. This could potentially lead to unauthorized actions on the affected system.
Recommendations
For Liferay Portal versions prior to 7.3.2, update to a version later than 7.3.2.
For Liferay DXP versions prior to 7.0 fix pack 101, apply fix pack 101 or later.
For Liferay DXP versions prior to 7.1 fix pack 20, apply fix pack 20 or later.
For Liferay DXP versions prior to 7.2 fix pack 10, apply fix pack 10 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Liferay Dxp
Liferay Portal