Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers to inject arbitrary web script or HTML via the output of a script.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liferay | Liferay Portal | <= 7.3.2 |
| Liferay | Digital Experience Platform | 7.0 |
Related Weaknesses (CWE)
References
- http://liferay.comProduct
- https://issues.liferay.com/browse/LPE-17061Issue TrackingVendor Advisory
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publishePatchVendor Advisory
- http://liferay.comProduct
- https://issues.liferay.com/browse/LPE-17061Issue TrackingVendor Advisory
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publishePatchVendor Advisory
FAQ
What is CVE-2021-38263?
CVE-2021-38263 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix p...
How severe is CVE-2021-38263?
CVE-2021-38263 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-38263?
Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Portal, Liferay Digital Experience Platform.