CVE-2021-35463

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-35463

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-35463.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-35463

Aliases

GHSA-9h7f-5hc8-cj5f

Published

2021-08-04T14:15:08.377Z

Modified

2026-03-13T05:10:46.060906Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter.

References

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120850663

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type

GIT

Repo

https://github.com/liferay/liferay-portal

Events

Introduced

Last affected

ec84d86679146b84af526f96471a730c340dda78

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.4.0"
        }
    ]
}

Affected versions

6.*

6.1.0-b1

6.1.0-b2

6.1.0-b3

6.1.0-b4

6.1.0-rc1

6.2.0-b1

6.2.0-b2

6.2.0-m2

6.2.0-m3

6.2.0-m4

6.2.0-m5

6.2.0-m6

7.*

7.0.0-m1

7.0.0-m2

7.0.0-m3

7.0.0-m4

7.0.0-m5

7.1.0-a1

7.1.0-a2

7.1.0-b1

7.1.0-b2

7.1.0-m1

7.1.0-m2

7.2.0-a1

7.2.0-b1

7.2.0-b2

7.2.0-b3

7.2.0-m2

7.3.0-ga1

7.3.1-ga2

7.3.2-ga3

7.3.3-ga4

7.3.4-ga5

7.3.5-ga6

7.4.0-ga1

sync-3.*

sync-3.0.0-b1

sync-3.0.1-b2

sync-3.0.10-ga2

sync-3.0.2-b3

sync-3.0.3-b4

sync-3.0.4-b5

sync-3.0.5-b6

sync-3.0.6-b7

sync-3.0.7-b8

sync-3.0.8-b9

sync-3.0.9-ga1

sync-3.1.0-ga1

Other

test-fix-pack-base-7310

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-35463.json"