CVE-2021-35463

MEDIUM

Liferay Portal 7.4.0 - Cross-Site Scripting via Management Toolbar Search Keywords Parameter

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120850663

Scores

CVSS v3 6.1

EPSS 0.0015

EPSS Percentile 35.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (3)

com.liferay/com.liferay.frontend.taglib.clay 0 - 7.1.15Maven

com.liferay.portal/release.portal.bom 7.4.0 - 7.4.1Maven

liferay/liferay_portal 7.4.0

Published Aug 04, 2021

Tracked Since Feb 18, 2026