CVE-2021-29051

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-29051
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-29051.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-29051
Published
2021-05-17T12:15:07Z
Modified
2025-03-17T20:52:58.555981Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the comliferayassetpublisherwebportletAssetPublisherPortletINSTANCEXXXXXXXXXXXXassetEntryId parameter.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0ac7dd652f3cac9b7880e6dea92912b2d02dca3a
Last affected
59148a8775a2b2345694a023683d95b478c483c6
Last affected
a3f823cf755fcf3660cd6c2c334840e9596ced9e
Last affected
ded0e9390637985231e962e4ad4cfa4639eabb26
Last affected
f193301b2848899b008d51513af62a3b3a9b7888

Affected versions

6.*

6.1.0-b1
6.1.0-b2
6.1.0-b3
6.1.0-b4
6.1.0-rc1
6.2.0-b1
6.2.0-b2
6.2.0-m2
6.2.0-m3
6.2.0-m4
6.2.0-m5
6.2.0-m6

7.*

7.0.0-m1
7.0.0-m2
7.0.0-m3
7.0.0-m4
7.0.0-m5
7.1.0-a1
7.1.0-a2
7.1.0-b1
7.1.0-b2
7.1.0-ga1
7.1.0-m1
7.1.0-m2
7.1.0-rc1
7.1.2-ga3
7.2.0-a1
7.2.0-b1
7.2.0-b2
7.2.0-b3
7.2.0-ga1
7.2.0-m2
7.2.0-rc2
7.2.0-rc3
7.2.1-ga2
7.3.0-ga1
7.3.1-ga2
7.3.2-ga3
7.3.3-ga4
7.3.4-ga5
7.3.5-ga6

sync-3.*

sync-3.0.0-b1
sync-3.0.1-b2
sync-3.0.10-ga2
sync-3.0.2-b3
sync-3.0.3-b4
sync-3.0.4-b5
sync-3.0.5-b6
sync-3.0.6-b7
sync-3.0.7-b8
sync-3.0.8-b9
sync-3.0.9-ga1
sync-3.1.0-ga1

Other

test-fix-pack-base-7310