CVE-2021-29039
MEDIUMLiferay Portal 7.3.4 - Stored Cross-Site Scripting in Asset Module Site Name
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://liferay.com
Vendor Advisory x_refsource_misc
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120777766
Scores
CVSS v3
6.1
EPSS
0.0047
EPSS Percentile
65.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
com.liferay.portal/release.portal.bom
7.3.4 - 7.3.5Maven
liferay/liferay_portal
7.3.4
Published
May 16, 2021
Tracked Since
Feb 18, 2026