CVE-2021-33328
- Source
- https://cve.org/CVERecord?id=CVE-2021-33328
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-33328.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-33328
- Aliases
- Published
- 2021-08-03T19:15:08.823Z
- Modified
- 2026-06-26T03:54:52.784932630Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the (1) comliferayjournalwebportletJournalPortletname or (2) comliferaydocumentlibrarywebportletDLAdminPortlet_name parameter.
- Database specific
{ "unresolved_ranges": [ { "cpes": [ "cpe:2.3:a:liferay:digital_experience_platform:7.0:-:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_13:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_14:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_24:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_25:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_26:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_27:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_28:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_30:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_33:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_35:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_36:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_39:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_3:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_40:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_41:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_42:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_43:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_44:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_45:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_46:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_47:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_48:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_49:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_50:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_51:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_52:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_53:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_54:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_56:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_57:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_58:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_59:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_60:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_61:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_64:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_65:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_66:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_67:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_68:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_69:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_70:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_71:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_72:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_73:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_75:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_76:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_78:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_79:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_80:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_81:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_82:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_83:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_84:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_85:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_86:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_87:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_88:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_89:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_90:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_91:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_92:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_93:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_94:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_95:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:-:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_17:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_18:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_19:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:*" ], "extracted_events": [ { "last_affected": "7.0-NA" }, { "last_affected": "7.0-fix_pack_13" }, { "last_affected": "7.0-fix_pack_14" }, { "last_affected": "7.0-fix_pack_24" }, { "last_affected": "7.0-fix_pack_25" }, { "last_affected": "7.0-fix_pack_26" }, { "last_affected": "7.0-fix_pack_27" }, { "last_affected": "7.0-fix_pack_28" }, { "last_affected": "7.0-fix_pack_3" }, { "last_affected": "7.0-fix_pack_30" }, { "last_affected": "7.0-fix_pack_33" }, { "last_affected": "7.0-fix_pack_35" }, { "last_affected": "7.0-fix_pack_36" }, { "last_affected": "7.0-fix_pack_39" }, { "last_affected": "7.0-fix_pack_40" }, { "last_affected": "7.0-fix_pack_41" }, { "last_affected": "7.0-fix_pack_42" }, { "last_affected": "7.0-fix_pack_43" }, { "last_affected": "7.0-fix_pack_44" }, { "last_affected": "7.0-fix_pack_45" }, { "last_affected": "7.0-fix_pack_46" }, { "last_affected": "7.0-fix_pack_47" }, { "last_affected": "7.0-fix_pack_48" }, { "last_affected": "7.0-fix_pack_49" }, { "last_affected": "7.0-fix_pack_50" }, { "last_affected": "7.0-fix_pack_51" }, { "last_affected": "7.0-fix_pack_52" }, { "last_affected": "7.0-fix_pack_53" }, { "last_affected": "7.0-fix_pack_54" }, { "last_affected": "7.0-fix_pack_56" }, { "last_affected": "7.0-fix_pack_57" }, { "last_affected": "7.0-fix_pack_58" }, { "last_affected": "7.0-fix_pack_59" }, { "last_affected": "7.0-fix_pack_60" }, { "last_affected": "7.0-fix_pack_61" }, { "last_affected": "7.0-fix_pack_64" }, { "last_affected": "7.0-fix_pack_65" }, { "last_affected": "7.0-fix_pack_66" }, { "last_affected": "7.0-fix_pack_67" }, { "last_affected": "7.0-fix_pack_68" }, { "last_affected": "7.0-fix_pack_69" }, { "last_affected": "7.0-fix_pack_70" }, { "last_affected": "7.0-fix_pack_71" }, { "last_affected": "7.0-fix_pack_72" }, { "last_affected": "7.0-fix_pack_73" }, { "last_affected": "7.0-fix_pack_75" }, { "last_affected": "7.0-fix_pack_76" }, { "last_affected": "7.0-fix_pack_78" }, { "last_affected": "7.0-fix_pack_79" }, { "last_affected": "7.0-fix_pack_80" }, { "last_affected": "7.0-fix_pack_81" }, { "last_affected": "7.0-fix_pack_82" }, { "last_affected": "7.0-fix_pack_83" }, { "last_affected": "7.0-fix_pack_84" }, { "last_affected": "7.0-fix_pack_85" }, { "last_affected": "7.0-fix_pack_86" }, { "last_affected": "7.0-fix_pack_87" }, { "last_affected": "7.0-fix_pack_88" }, { "last_affected": "7.0-fix_pack_89" }, { "last_affected": "7.0-fix_pack_90" }, { "last_affected": "7.0-fix_pack_91" }, { "last_affected": "7.0-fix_pack_92" }, { "last_affected": "7.0-fix_pack_93" }, { "last_affected": "7.0-fix_pack_94" }, { "last_affected": "7.0-fix_pack_95" }, { "last_affected": "7.1-NA" }, { "last_affected": "7.1-fix_pack_1" }, { "last_affected": "7.1-fix_pack_10" }, { "last_affected": "7.1-fix_pack_11" }, { "last_affected": "7.1-fix_pack_12" }, { "last_affected": "7.1-fix_pack_13" }, { "last_affected": "7.1-fix_pack_14" }, { "last_affected": "7.1-fix_pack_15" }, { "last_affected": "7.1-fix_pack_16" }, { "last_affected": "7.1-fix_pack_17" }, { "last_affected": "7.1-fix_pack_18" }, { "last_affected": "7.1-fix_pack_19" }, { "last_affected": "7.1-fix_pack_2" }, { "last_affected": "7.1-fix_pack_3" }, { "last_affected": "7.1-fix_pack_4" }, { "last_affected": "7.1-fix_pack_5" }, { "last_affected": "7.1-fix_pack_6" }, { "last_affected": "7.1-fix_pack_7" }, { "last_affected": "7.1-fix_pack_8" }, { "last_affected": "7.1-fix_pack_9" }, { "last_affected": "7.2-NA" }, { "last_affected": "7.2-fix_pack_1" }, { "last_affected": "7.2-fix_pack_2" }, { "last_affected": "7.2-fix_pack_3" }, { "last_affected": "7.2-fix_pack_4" }, { "last_affected": "7.2-fix_pack_5" }, { "last_affected": "7.2-fix_pack_6" }, { "last_affected": "7.2-fix_pack_7" }, { "last_affected": "7.2-fix_pack_8" } ], "vendor_product": "liferay:digital_experience_platform", "source": "CPE_STRING" } ] }- References
Affected packages
Git / github.com/liferay/liferay-portal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/liferay/liferay-portal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "cpe": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "7.0.0" }, { "fixed": "7.3.5" } ], "source": "CPE_RANGE" }
Affected versions
6.*
6.1.0-b1
6.1.0-b2
6.1.0-b3
6.1.0-b4
6.1.0-rc1
6.2.0-b1
6.2.0-b2
6.2.0-m2
6.2.0-m3
6.2.0-m4
6.2.0-m5
6.2.0-m6
7.*
7.0.0-m1
7.0.0-m2
7.0.0-m3
7.0.0-m4
7.0.0-m5
7.1.0-a1
7.1.0-a2
7.1.0-b1
7.1.0-b2
7.1.0-m1
7.1.0-m2
7.2.0-a1
7.2.0-b1
7.2.0-b2
7.2.0-b3
7.2.0-m2
7.3.0-ga1
7.3.1-ga2
7.3.2-ga3
7.3.3-ga4
7.3.4-ga5
sync-3.*
sync-3.0.0-b1
sync-3.0.1-b2
sync-3.0.10-ga2
sync-3.0.2-b3
sync-3.0.3-b4
sync-3.0.4-b5
sync-3.0.5-b6
sync-3.0.6-b7
sync-3.0.7-b8
sync-3.0.8-b9
sync-3.0.9-ga1
sync-3.1.0-ga1
Other
test-fix-pack-base-7310