CVE-2021-29044
Summary
| CVE | CVE-2021-29044 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-17 11:15:00 UTC |
| Updated | 2021-05-24 20:22:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_my_sites_web_portlet_MySitesPortlet_comments parameter. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Liferay | Dxp | 7.0 | - | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_13 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_14 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_24 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_25 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_26 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_27 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_28 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_30 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_33 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_35 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_36 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_39 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_3\+ | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_40 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_41 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_42 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_43 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_44 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_45 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_46 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_47 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_48 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_49 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_50 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_51 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_52 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_53 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_54 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_56 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_57 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_58 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_59 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_60 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_61 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_64 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_65 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_66 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_67 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_68 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_69 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_70 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_71 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_72 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_73 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_75 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_76 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_78 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_79 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_80 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_81 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_82 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_83 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_84 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_85 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_86 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_87 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_88 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_89 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_90 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_91 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_92 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_93 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_94 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_95 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_96 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_1 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_10 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_11 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_12 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_13 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_14 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_15 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_16 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_17 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_18 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_19 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_2 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_20 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_3 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_4 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_5 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_6 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_7 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_8 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_9 | All | All |
| Application | Liferay | Dxp | 7.2 | - | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_1 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_2 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_3 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_4 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_5 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_6 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_7 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_8 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_9 | All | All |
| Application | Liferay | Dxp | 7.3 | - | All | All |
| Application | Liferay | Liferay Portal | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2021-29044 Stored XSS with membership request comment | MISC | portal.liferay.dev | |
| Digital Experience Software Tailored to Your Needs | Liferay | MISC | liferay.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.