CVE-2021-38265
published 2022-03-03CVE-2021-38265: Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | digital_experience_platform | <= 7.3 | — |
| liferay | liferay_portal | 7.3.4 – 7.3.6 | — |