Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liferay | Liferay Portal | >= 7.1.0, <= 7.3.6 |
| Liferay | Digital Experience Platform | 7.1 |
Related Weaknesses (CWE)
References
- http://liferay.comProduct
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publishePatchVendor Advisory
- http://liferay.comProduct
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publishePatchVendor Advisory
FAQ
What is CVE-2021-38269?
CVE-2021-38269 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pa...
How severe is CVE-2021-38269?
CVE-2021-38269 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-38269?
Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Portal, Liferay Digital Experience Platform.