6.1
CVSSv3

CVE-2021-29049

Published: 09/06/2021 Updated: 16/06/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote malicious users to inject arbitrary web script or HTML via the currentURL parameter.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

liferay dxp 7.0

liferay dxp 7.2

liferay dxp 7.1

liferay dxp 7.3