{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_XXXXXXXXXXXX_assetEntryId parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-17T11:01:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://liferay.com"}, {"tags": ["x_refsource_MISC"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-29051", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_XXXXXXXXXXXX_assetEntryId parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://liferay.com", "refsource": "MISC", "url": "http://liferay.com"}, {"name": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580", "refsource": "MISC", "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:55:12.676Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://liferay.com"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-29051", "datePublished": "2021-05-17T11:01:49", "dateReserved": "2021-03-22T00:00:00", "dateUpdated": "2024-08-03T21:55:12.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liferay:dxp:7.1:-:*:*:*:*:*:*", "matchCriteriaId": "C2AA7E18-A41B-4F0D-A04F-57C5745D091B", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_1:*:*:*:*:*:*", "matchCriteriaId": "392B783D-620D-4C71-AAA0-848B16964A27", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_10:*:*:*:*:*:*", "matchCriteriaId": "4F5A94E2-22B7-4D2D-A491-29F395E727C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_11:*:*:*:*:*:*", "matchCriteriaId": "E9B10908-C42B-4763-9D47-236506B0E84A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_12:*:*:*:*:*:*", "matchCriteriaId": "CF544435-36AC-49B8-BA50-A6B6D1678BBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_13:*:*:*:*:*:*", "matchCriteriaId": "9D265542-5333-4CCD-90E5-B5F6A55F9863", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_14:*:*:*:*:*:*", "matchCriteriaId": "1763CD8B-3ACD-4617-A1CA-B9F77A074977", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_15:*:*:*:*:*:*", "matchCriteriaId": "F25C66AA-B60D-413C-A848-51E12D6080AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_16:*:*:*:*:*:*", "matchCriteriaId": "071A0D53-EC95-4B18-9FA3-55208B1F7B94", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_17:*:*:*:*:*:*", "matchCriteriaId": "CC26A9D4-14D6-46B1-BB00-A2C4386EBCA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_18:*:*:*:*:*:*", "matchCriteriaId": "350CDEDA-9A20-4BC3-BEAE-8346CED10CD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_19:*:*:*:*:*:*", "matchCriteriaId": "10C6107E-79B3-4672-B3E5-8A2FA9A829CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_2:*:*:*:*:*:*", "matchCriteriaId": "3233D306-3F8E-40A4-B132-7264E63DD131", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_20:*:*:*:*:*:*", "matchCriteriaId": "A978B14E-96F6-449F-8D8D-8E782A5A3D19", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_3:*:*:*:*:*:*", "matchCriteriaId": "9EAEA45A-0370-475E-B4CB-395A434DC3A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_4:*:*:*:*:*:*", "matchCriteriaId": "39310F05-1DB6-43BA-811C-9CB91D6DCF20", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_5:*:*:*:*:*:*", "matchCriteriaId": "D6135B16-C89E-4F49-BA15-823E2AF26D68", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_6:*:*:*:*:*:*", "matchCriteriaId": "CC887BEC-915B-44AC-B473-5448B3D8DCF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_7:*:*:*:*:*:*", "matchCriteriaId": "D7A7CC60-C294-41EC-B000-D15AAA93A3D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_8:*:*:*:*:*:*", "matchCriteriaId": "022132F8-6E56-4A29-95D6-3B7861D39CDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_9:*:*:*:*:*:*", "matchCriteriaId": "651DA9B7-9C11-47A7-AF5C-95625C8FFF6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*", "matchCriteriaId": "8CAAE1B7-982E-4D50-9651-DEEE6CD74EED", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*", "matchCriteriaId": "AFCF99EC-3384-418D-A419-B9DB607BE371", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*", "matchCriteriaId": "31E05134-A0C5-4937-A228-7D0884276B67", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*", "matchCriteriaId": "3F06C4AD-FD20-4345-8386-0895312F0A00", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*", "matchCriteriaId": "98CC25E2-EC3D-43A2-8D03-06F0E804EA63", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*", "matchCriteriaId": "30933C36-C710-488F-9601-EE1BB749C58A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*", "matchCriteriaId": "41E94372-A1AE-48B1-82DC-08B7B616473F", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:*", "matchCriteriaId": "51FBC8E0-34F8-475C-A1A8-571791CA05F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:*", "matchCriteriaId": "1E73EAEA-FA88-46B9-B9D5-A41603957AD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_9:*:*:*:*:*:*", "matchCriteriaId": "CF9BC654-4E3F-4B40-A6E5-79A818A51BED", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*", "matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "38A0581E-BA9F-4B6D-AFEE-28AAA8CE31F6", "versionEndIncluding": "7.3.5", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_XXXXXXXXXXXX_assetEntryId parameter."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en la aplicaci\u00f3n Asset Publisher del m\u00f3dulo Asset en Liferay Portal versiones 7.2.1 hasta 7.3.5, y Liferay DXP versiones 7.1 anteriores a fixpack 21, versiones 7.2 anteriores a fixpack 10 y versiones 7.3 anteriores a fixpack 1, permite a atacantes remotos inyectar un script web o HTML arbitrario por medio del par\u00e1metro _com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_XXXXXXXXXXXX_assetEntryId"}], "id": "CVE-2021-29051", "lastModified": "2021-05-25T13:28:52.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-17T12:15:07.460", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://liferay.com"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743580"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}