An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1qdnZ4LThnNDItOTU1Oc4AAohQ

Severity: Moderate
EPSS: 0.00233% (0.46115 percentile)

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App

Affected package: maven:com.liferay.portal:release.dxp.bom
Affected versions: >= 7.3.0, < 7.3.10.fp1; >= 7.2.0, < 7.2.10.fp10; < 7.1.10.fp21
Fixed versions: 7.3.10.fp1, 7.2.10.fp10, 7.1.10.fp21
0 Dependent packages
2 Dependent repositories

Affected Version Ranges

All affected versions

7.1.1-0.1, 7.1.1-0.3, 7.1.1-0.4, 7.1.1-0.5, 7.1.1-0.6, 7.1.1-0.7, 7.1.1-0.8, 7.1.1-0.fp1, 7.1.1-0.fp2, 7.1.1-0.fp10, 7.1.1-0.fp11, 7.1.1-0.fp12, 7.1.1-0.fp13, 7.1.1-0.fp14, 7.1.1-0.fp15, 7.1.1-0.fp16, 7.1.1-0.fp17, 7.1.1-0.fp18, 7.1.1-0.fp19, 7.1.1-0.fp20, 7.2.1-0.1, 7.2.1-0.2, 7.2.1-0.3, 7.2.1-0.3-1, 7.2.1-0.4, 7.2.1-0.4-1, 7.2.1-0.5, 7.2.1-0.5-1, 7.2.1-0.6, 7.2.1-0.7, 7.2.1-0.8, 7.2.1-0.fp1, 7.2.1-0.fp1-1, 7.3.1-0.0-2, 7.3.1-0.1, 7.3.1-0.3, 7.3.1-0.ep3, 7.3.1-0.ep4, 7.3.1-0.ep5

All unaffected versions

7.1.10, 7.2.1, 7.2.10, 7.3.10, 7.4.11, 7.4.12, 7.4.13

Affected package: maven:com.liferay.portal:release.portal.bom
Affected versions: >= 7.2.1, <= 7.3.5
Fixed versions: 7.3.6
5 Dependent packages
33 Dependent repositories

Affected Version Ranges

All affected versions

7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5

All unaffected versions

7.0.6, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.3.6, 7.3.7, 7.4.0, 7.4.1, 7.4.2

Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_XXXXXXXXXXXX_assetEntryId parameter.
